Realistic Adversarial Attacks on Object Detectors Using Generative Models

被引：0

作者：

D. Shelepneva ^{[1
]}

K. Arkhipenko ^{[1
]}

机构：

[1] Ivannikov Institute for System Programming of the RAS, Moscow

来源：

Journal of Mathematical Sciences | 2024年 / 285卷 / 2期

关键词：

adversarial examples; diffusion models; generative adversarial networks; object detectors;

D O I：

10.1007/s10958-024-07430-4

中图分类号：

学科分类号：

摘要：

An important limitation of existing adversarial attacks on real-world object detectors lies in their threat model: adversarial patch-based methods often produce suspicious images while image generation approaches do not restrict the attacker’s capabilities of modifying the original scene. We design a threat model where the attacker modifies individual image segments and is required to produce realistic images. We also develop and evaluate a white-box attack that utilizes generative adversarial nets and diffusion models as a generator of malicious images. Our attack is able to produce high-fidelity images as measured by the Fréchet inception distance (FID) and reduces the mAP of Faster R-CNN model by over 0.2 on Cityscapes and COCO-Stuff datasets. A PyTorch implementation of our attack is available at https://github.com/DariaShel/gan-attack. © The Author(s), under exclusive licence to Springer Nature Switzerland AG 2024.

引用

页码：245 / 254

页数：9

共 32 条

[1] Arjovsky M., Chintala S., Bottou L., Wasserstein GAN, (2017)
[2] Brock A., Donahue J., Simonyan K., Large scale GAN training for high fidelity natural image synthesis, (2018)
[3] Brown T.B., Man D., Roy A., Abadi M., Gilmer J., Adversarial patch, (2017)
[4] Caesar H., Uijlings J.R.R., Ferrari V., , “Coco-stuff: Thing and stuff classes in context,” in, : Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, IEEE, pp. 1209-1218, (2018)
[5] Cordts M., Omran M., Ramos S., Rehfeld T., Enzweiler M., Benenson R., Franke U., Roth S., Schiele B., The cityscapes dataset for semantic urban scene understanding, In: Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition, IEEE, pp. 3213-3223, (2016)
[6] Dhariwal P., Nichol A., Diffusion models beat gans on image synthesis, (2021)
[7] Duan R., Ma X., Wang Y., Bailey J., Qin A.K., Yang Y., , “Adversarial camouflage: Hiding physical-world attacks with natural styles,”, In: Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, IEEE, pp. 997-1005, (2020)
[8] Goodfellow I.J., Pouget-Abadie J., Mirza M., Xu B., Warde-Farley D., Ozair S., Courville A.C., Bengio Y., Generative adversarial nets, In: Advances in Neural Information Processing Systems (NIPS), (2014)
[9] Goodfellow I.J., Shlens J., Szegedy C., Explaining and harnessing adversarial examples, (2014)
[10] Grigorescu S.M., Trasnea B., Cocias T.T., Macesanu G., A survey of deep learning techniques for autonomous driving, Journal of Field Robotics, 37, pp. 362-386, (2019)

← 1 2 3 4 →