Related papers: X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection

X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection

URL: http://arxiv.org/abs/2302.09491v1
Date: Sun, 19 Feb 2023 06:31:17 GMT
Title: X-Adv: Physical Adversarial Object Attacks against X-ray Prohibited Item Detection
Authors: Aishan Liu, Jun Guo, Jiakai Wang, Siyuan Liang, Renshuai Tao, Wenbo Zhou, Cong Liu, Xianglong Liu, Dacheng Tao
Abstract summary: Adversarial attacks targeting texture-free X-ray images are underexplored. In this paper, we take the first step toward the study of adversarial attacks targeted at X-ray prohibited item detection. We propose X-Adv to generate physically printable metals that act as an adversarial agent capable of deceiving X-ray detectors.
Score: 113.10386151761682
License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
Abstract: Adversarial attacks are valuable for evaluating the robustness of deep learning models. Existing attacks are primarily conducted on the visible light spectrum (e.g., pixel-wise texture perturbation). However, attacks targeting texture-free X-ray images remain underexplored, despite the widespread application of X-ray imaging in safety-critical scenarios such as the X-ray detection of prohibited items. In this paper, we take the first step toward the study of adversarial attacks targeted at X-ray prohibited item detection, and reveal the serious threats posed by such attacks in this safety-critical scenario. Specifically, we posit that successful physical adversarial attacks in this scenario should be specially designed to circumvent the challenges posed by color/texture fading and complex overlapping. To this end, we propose X-adv to generate physically printable metals that act as an adversarial agent capable of deceiving X-ray detectors when placed in luggage. To resolve the issues associated with color/texture fading, we develop a differentiable converter that facilitates the generation of 3D-printable objects with adversarial shapes, using the gradients of a surrogate model rather than directly generating adversarial textures. To place the printed 3D adversarial objects in luggage with complex overlapped instances, we design a policy-based reinforcement learning strategy to find locations eliciting strong attack performance in worst-case scenarios whereby the prohibited items are heavily occluded by other items. To verify the effectiveness of the proposed X-Adv, we conduct extensive experiments in both the digital and the physical world (employing a commercial X-ray security inspection system for the latter case). Furthermore, we present the physical-world X-ray adversarial attack dataset XAD.

Related papers

Principles of Designing Robust Remote Face Anti-Spoofing Systems [60.05766968805833]
This paper sheds light on the vulnerabilities of state-of-the-art face anti-spoofing methods against digital attacks. It presents a comprehensive taxonomy of common threats encountered in face anti-spoofing systems.
arXiv Detail & Related papers (2024-06-06T02:05:35Z)
Towards Generic and Controllable Attacks Against Object Detection [35.12702394150046]
Existing adversarial attacks against Object Detectors (ODs) suffer from two inherent limitations. We propose a generic white-box attack, LGP, to blind mainstream object detectors with controllable perturbations. Experimentally, the proposed LGP successfully attacked sixteen state-of-the-art object detectors on MS-COCO and DOTA datasets.
arXiv Detail & Related papers (2023-07-23T14:37:13Z)
X-Detect: Explainable Adversarial Patch Detection for Object Detectors in Retail [38.10544338096162]
Existing methods for detecting adversarial attacks on object detectors have had difficulty detecting new real-life attacks. We present X-Detect, a novel adversarial patch detector that can detect adversarial samples in real time. X-Detect uses an ensemble of explainable-by-design detectors that utilize object extraction, scene manipulation, and feature transformation techniques.
arXiv Detail & Related papers (2023-06-14T10:35:21Z)
A Comprehensive Study of the Robustness for LiDAR-based 3D Object Detectors against Adversarial Attacks [84.10546708708554]
3D object detectors are increasingly crucial for security-critical tasks. It is imperative to understand their robustness against adversarial attacks. This paper presents the first comprehensive evaluation and analysis of the robustness of LiDAR-based 3D detectors under adversarial attacks.
arXiv Detail & Related papers (2022-12-20T13:09:58Z)
Shadows can be Dangerous: Stealthy and Effective Physical-world Adversarial Attack by Natural Phenomenon [79.33449311057088]
We study a new type of optical adversarial examples, in which the perturbations are generated by a very common natural phenomenon, shadow. We extensively evaluate the effectiveness of this new attack on both simulated and real-world environments.
arXiv Detail & Related papers (2022-03-08T02:40:18Z)
Tensor Pooling Driven Instance Segmentation Framework for Baggage Threat Recognition [39.40595024569702]
We propose a novel multi-scale contour instance segmentation framework to identify cluttered contraband data in baggage X-ray scans. The proposed framework is rigorously validated on three public datasets, dubbed GDXray, SIXray, and OPIXray. To the best of our knowledge, this is the first contour instance segmentation framework that leverages multi-scale information to recognize cluttered and concealed contraband data.
arXiv Detail & Related papers (2021-08-22T00:04:58Z)
Over-sampling De-occlusion Attention Network for Prohibited Items Detection in Noisy X-ray Images [35.35752470993847]
Security inspection is X-ray scanning for personal belongings in suitcases. Traditional CNN-based models trained through common image recognition datasets fail to achieve satisfactory performance in this scenario. We propose an over-sampling de-occlusion attention network (DOAM-O), which consists of a novel de-occlusion attention module and a new over-sampling training strategy.
arXiv Detail & Related papers (2021-03-01T07:17:37Z)
Exploring Adversarial Robustness of Multi-Sensor Perception Systems in Self Driving [87.3492357041748]
In this paper, we showcase practical susceptibilities of multi-sensor detection by placing an adversarial object on top of a host vehicle. Our experiments demonstrate that successful attacks are primarily caused by easily corrupted image features. Towards more robust multi-modal perception systems, we show that adversarial training with feature denoising can boost robustness to such attacks significantly.
arXiv Detail & Related papers (2021-01-17T21:15:34Z)
Occluded Prohibited Items Detection: an X-ray Security Inspection Benchmark and De-occlusion Attention Module [50.75589128518707]
We contribute the first high-quality object detection dataset for security inspection, named OPIXray. OPIXray focused on the widely-occurred prohibited item "cutter", annotated manually by professional inspectors from the international airport. We propose the De-occlusion Attention Module (DOAM), a plug-and-play module that can be easily inserted into and thus promote most popular detectors.
arXiv Detail & Related papers (2020-04-18T16:10:55Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.