Benchmarking the Physical-world Adversarial Robustness of Vehicle Detection

• URL: http://arxiv.org/abs/2304.05098v1
• Date: Tue, 11 Apr 2023 09:48:25 GMT
• Title: Benchmarking the Physical-world Adversarial Robustness of Vehicle Detection
• Authors: Tianyuan Zhang, Yisong Xiao, Xiaoya Zhang, Hao Li, Lu Wang
• Abstract summary: Adversarial attacks in the physical world can harm the robustness of detection models. Yolo v6 had strongest resistance, with only a 6.59% average AP drop, and ASA was the most effective attack algorithm with a 14.51% average AP reduction.
• Score: 14.202833467294765
• License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
• Abstract: Adversarial attacks in the physical world can harm the robustness of detection models. Evaluating the robustness of detection models in the physical world can be challenging due to the time-consuming and labor-intensive nature of many experiments. Thus, virtual simulation experiments can provide a solution to this challenge. However, there is no unified detection benchmark based on virtual simulation environment. To address this challenge, we proposed an instant-level data generation pipeline based on the CARLA simulator. Using this pipeline, we generated the DCI dataset and conducted extensive experiments on three detection models and three physical adversarial attacks. The dataset covers 7 continuous and 1 discrete scenes, with over 40 angles, 20 distances, and 20,000 positions. The results indicate that Yolo v6 had strongest resistance, with only a 6.59% average AP drop, and ASA was the most effective attack algorithm with a 14.51% average AP reduction, twice that of other algorithms. Static scenes had higher recognition AP, and results under different weather conditions were similar. Adversarial attack algorithm improvement may be approaching its 'limitation'.

Related papers

• LiDAttack: Robust Black-box Attack on LiDAR-based Object Detection [5.727912884983492]
  LiDAttack is a robust black-box adversarial attack on LiDAR sensors. Experiments are conducted on 3 datasets (i.e., KITTI, nuScenes, and self-constructed data) with 3 dominant object detection models. The results reveal the efficiency of the LiDAttack when targeting a wide range of object detection models, with an attack success rate (ASR) up to 90%.
  arXiv  Detail & Related papers  (2024-11-04T08:37:12Z)
• Real-Time Dynamic Scale-Aware Fusion Detection Network: Take Road Damage Detection as an example [3.334973867478745]
  Road Damage Detection (RDD) is important for daily maintenance and safety in cities. Current UAV-based RDD research is still faces many challenges. We design a multi-scale, adaptive road damage detection model with the ability to automatically remove background interference.
  arXiv  Detail & Related papers  (2024-09-04T09:03:47Z)
• Fast Information Streaming Handler (FisH): A Unified Seismic Neural Network for Single Station Real-Time Earthquake Early Warning [56.45067876391473]
  Existing EEW approaches treat phase picking, location estimation, and magnitude estimation as separate tasks, lacking a unified framework. We propose a novel unified seismic neural network called Fast Information Streaming Handler (FisH) FisH is designed to process real-time streaming seismic data and generate simultaneous results for phase picking, location estimation, and magnitude estimation in an end-to-end fashion.
  arXiv  Detail & Related papers  (2024-08-13T04:33:23Z)
• First-principles Based 3D Virtual Simulation Testing for Discovering SOTIF Corner Cases of Autonomous Driving [5.582213904792781]
  This paper proposes a first-principles based sensor modeling and environment interaction scheme, and integrates it into CARLA simulator. A meta-heuristic algorithm is designed based on several empirical insights, which guide both seed scenarios and mutations. Under identical simulation setups, our algorithm discovers about four times as many corner cases as compared to state-of-the-art work.
  arXiv  Detail & Related papers  (2024-01-22T12:02:32Z)
• Exploring the Physical World Adversarial Robustness of Vehicle Detection [13.588120545886229]
  Adrial attacks can compromise the robustness of real-world detection models. We propose an innovative instant-level data generation pipeline using the CARLA simulator. Our findings highlight diverse model performances under adversarial conditions.
  arXiv  Detail & Related papers  (2023-08-07T11:09:12Z)
• DeepAccident: A Motion and Accident Prediction Benchmark for V2X Autonomous Driving [76.29141888408265]
  We propose a large-scale dataset containing diverse accident scenarios that frequently occur in real-world driving. The proposed DeepAccident dataset includes 57K annotated frames and 285K annotated samples, approximately 7 times more than the large-scale nuScenes dataset.
  arXiv  Detail & Related papers  (2023-04-03T17:37:00Z)
• SimuShips -- A High Resolution Simulation Dataset for Ship Detection with Precise Annotations [0.0]
  State-of-the-art obstacle detection algorithms are based on convolutional neural networks (CNNs) SimuShips is a publicly available simulation-based dataset for maritime environments.
  arXiv  Detail & Related papers  (2022-09-22T07:33:31Z)
• Evaluating the Robustness of Semantic Segmentation for Autonomous Driving against Real-World Adversarial Patch Attacks [62.87459235819762]
  In a real-world scenario like autonomous driving, more attention should be devoted to real-world adversarial examples (RWAEs) This paper presents an in-depth evaluation of the robustness of popular SS models by testing the effects of both digital and real-world adversarial patches.
  arXiv  Detail & Related papers  (2021-08-13T11:49:09Z)
• Disentangle Your Dense Object Detector [82.22771433419727]
  Deep learning-based dense object detectors have achieved great success in the past few years and have been applied to numerous multimedia applications such as video understanding. However, the current training pipeline for dense detectors is compromised to lots of conjunctions that may not hold. We propose Disentangled Dense Object Detector (DDOD), in which simple and effective disentanglement mechanisms are designed and integrated into the current state-of-the-art detectors.
  arXiv  Detail & Related papers  (2021-07-07T00:52:16Z)
• Cycle and Semantic Consistent Adversarial Domain Adaptation for Reducing Simulation-to-Real Domain Shift in LiDAR Bird's Eye View [110.83289076967895]
  We present a BEV domain adaptation method based on CycleGAN that uses prior semantic classification in order to preserve the information of small objects of interest during the domain adaptation process. The quality of the generated BEVs has been evaluated using a state-of-the-art 3D object detection framework at KITTI 3D Object Detection Benchmark.
  arXiv  Detail & Related papers  (2021-04-22T12:47:37Z)
• From Sound Representation to Model Robustness [82.21746840893658]
  We investigate the impact of different standard environmental sound representations (spectrograms) on the recognition performance and adversarial attack robustness of a victim residual convolutional neural network. Averaged over various experiments on three environmental sound datasets, we found the ResNet-18 model outperforms other deep learning architectures.
  arXiv  Detail & Related papers  (2020-07-27T17:30:49Z)

This list is automatically generated from the titles and abstracts of the papers in this site.

This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.