Adversarial Attack On Yolov5 For Traffic And Road Sign Detection
- URL: http://arxiv.org/abs/2306.06071v2
- Date: Fri, 19 Jan 2024 07:54:11 GMT
- Title: Adversarial Attack On Yolov5 For Traffic And Road Sign Detection
- Authors: Sanyam Jain
- Abstract summary: This paper implements and investigates popular adversarial attacks on the YOLOv5 Object Detection algorithm.
The results show that YOLOv5 is susceptible to these attacks, with misclassification rates increasing as the magnitude of the perturbations increases.
The findings of this paper have important implications for the safety and reliability of object detection algorithms used in traffic and transportation systems.
- Score: 0.0
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: This paper implements and investigates popular adversarial attacks on the
YOLOv5 Object Detection algorithm. The paper explores the vulnerability of the
YOLOv5 to adversarial attacks in the context of traffic and road sign
detection. The paper investigates the impact of different types of attacks,
including the Limited memory Broyden Fletcher Goldfarb Shanno (L-BFGS), the
Fast Gradient Sign Method (FGSM) attack, the Carlini and Wagner (C&W) attack,
the Basic Iterative Method (BIM) attack, the Projected Gradient Descent (PGD)
attack, One Pixel Attack, and the Universal Adversarial Perturbations attack on
the accuracy of YOLOv5 in detecting traffic and road signs. The results show
that YOLOv5 is susceptible to these attacks, with misclassification rates
increasing as the magnitude of the perturbations increases. We also explain the
results using saliency maps. The findings of this paper have important
implications for the safety and reliability of object detection algorithms used
in traffic and transportation systems, highlighting the need for more robust
and secure models to ensure their effectiveness in real-world applications.
Related papers
- Mitigating Label Flipping Attacks in Malicious URL Detectors Using
Ensemble Trees [16.16333915007336]
Malicious URLs provide adversarial opportunities across various industries, including transportation, healthcare, energy, and banking.
backdoor attacks involve manipulating a small percentage of training data labels, such as Label Flipping (LF), which changes benign labels to malicious ones and vice versa.
We propose an innovative alarm system that detects the presence of poisoned labels and a defense mechanism designed to uncover the original class labels.
arXiv Detail & Related papers (2024-03-05T14:21:57Z) - DALA: A Distribution-Aware LoRA-Based Adversarial Attack against
Language Models [64.79319733514266]
Adversarial attacks can introduce subtle perturbations to input data.
Recent attack methods can achieve a relatively high attack success rate (ASR)
We propose a Distribution-Aware LoRA-based Adversarial Attack (DALA) method.
arXiv Detail & Related papers (2023-11-14T23:43:47Z) - YOLOv8-Based Visual Detection of Road Hazards: Potholes, Sewer Covers,
and Manholes [0.0]
This research paper provides a comprehensive evaluation of YOLOv8, an object detection model, in the context of detecting road hazards.
A comparative analysis with previous iterations, YOLOv5 and YOLOv7, is conducted, emphasizing the importance of computational efficiency in various applications.
The research assesses the robustness and generalization capabilities of the models through mAP scores calculated across the diverse test scenarios.
arXiv Detail & Related papers (2023-10-31T18:33:26Z) - MFL-YOLO: An Object Detection Model for Damaged Traffic Signs [0.32634122554914]
We propose an improved object detection method based on YOLOv5s, namely MFL-YOLO (Mutual Feature Levels Loss enhanced YOLO)
Compared with YOLOv5s, our MFL-YOLO improves 4.3 and 5.1 in F1 scores and mAP, while reducing the FLOPs by 8.9%.
The Grad-CAM heat map visualization shows that our model can better focus on the local details of the damaged traffic signs.
arXiv Detail & Related papers (2023-09-13T06:46:27Z) - Explainable and Trustworthy Traffic Sign Detection for Safe Autonomous
Driving: An Inductive Logic Programming Approach [0.0]
We propose an ILP-based approach for stop sign detection in Autonomous Vehicles.
It is more robust against adversarial attacks, as it mimics human-like perception.
It is able to correctly identify all targeted stop signs, even in the presence of PR2 and ADvCam attacks.
arXiv Detail & Related papers (2023-08-30T09:05:52Z) - IDEA: Invariant Defense for Graph Adversarial Robustness [60.0126873387533]
We propose an Invariant causal DEfense method against adversarial Attacks (IDEA)
We derive node-based and structure-based invariance objectives from an information-theoretic perspective.
Experiments demonstrate that IDEA attains state-of-the-art defense performance under all five attacks on all five datasets.
arXiv Detail & Related papers (2023-05-25T07:16:00Z) - Guidance Through Surrogate: Towards a Generic Diagnostic Attack [101.36906370355435]
We develop a guided mechanism to avoid local minima during attack optimization, leading to a novel attack dubbed Guided Projected Gradient Attack (G-PGA)
Our modified attack does not require random restarts, large number of attack iterations or search for an optimal step-size.
More than an effective attack, G-PGA can be used as a diagnostic tool to reveal elusive robustness due to gradient masking in adversarial defenses.
arXiv Detail & Related papers (2022-12-30T18:45:23Z) - Object-fabrication Targeted Attack for Object Detection [54.10697546734503]
adversarial attack for object detection contains targeted attack and untargeted attack.
New object-fabrication targeted attack mode can mislead detectors tofabricate extra false objects with specific target labels.
arXiv Detail & Related papers (2022-12-13T08:42:39Z) - Illusory Attacks: Information-Theoretic Detectability Matters in Adversarial Attacks [76.35478518372692]
We introduce epsilon-illusory, a novel form of adversarial attack on sequential decision-makers.
Compared to existing attacks, we empirically find epsilon-illusory to be significantly harder to detect with automated methods.
Our findings suggest the need for better anomaly detectors, as well as effective hardware- and system-level defenses.
arXiv Detail & Related papers (2022-07-20T19:49:09Z) - A Hybrid Defense Method against Adversarial Attacks on Traffic Sign
Classifiers in Autonomous Vehicles [4.585587646404074]
Adversarial attacks can make deep neural network (DNN) models predict incorrect output labels for autonomous vehicles (AVs)
This study develops a resilient traffic sign classifier for AVs that uses a hybrid defense method.
We find that our hybrid defense method achieves 99% average traffic sign classification accuracy for the no attack scenario and 88% average traffic sign classification accuracy for all attack scenarios.
arXiv Detail & Related papers (2022-04-25T02:13:31Z) - Targeted Physical-World Attention Attack on Deep Learning Models in Road
Sign Recognition [79.50450766097686]
This paper proposes the targeted attention attack (TAA) method for real world road sign attack.
Experimental results validate that the TAA method improves the attack successful rate (nearly 10%) and reduces the perturbation loss (about a quarter) compared with the popular RP2 method.
arXiv Detail & Related papers (2020-10-09T02:31:34Z)
This list is automatically generated from the titles and abstracts of the papers in this site.
This site does not guarantee the quality of this site (including all information) and is not responsible for any consequences.