Black-box Transferable Attack Method for Object Detection Based on GAN

Cited by: 0
Authors
Lu Y.-X. [1]
Liu Z.-Y. [2]
Luo Y.-G. [3]
Deng S.-Y. [1]
Jiang T. [3]
Ma J.-Y. [3]
Dong Y.-P. [1, 2]
Affiliations
[1] Beijing RealAI Intelligent Technology Co. Ltd., Beijing
[2] Department of Computer Science and Technology, Tsinghua University, Beijing
[3] Chongqing Changan Automobile Software Technology Co. Ltd., Chongqing
Source
Ruan Jian Xue Bao/Journal of Software | 2024 / Vol. 35 / No. 07
Keywords
adversarial attack; attention loss; black-box transferable attack; generative adversarial network (GAN); object detection
DOI
10.13328/j.cnki.jos.006937
Abstract
Object detection is widely used in fields such as autonomous driving, industry, and medical care, and using object detection algorithms to solve key tasks in different fields has gradually become the main method. However, the robustness of deep-learning-based object detection models is seriously insufficient under attack by adversarial samples. Adversarial samples constructed by adding small perturbations easily cause the model to predict incorrectly, which greatly limits the application of object detection models in key security fields. In practical applications, the models are black-box models. Research on black-box attacks against object detection models is relatively lacking, and there are many problems such as incomplete robustness evaluation, low black-box attack success rate, and high resource consumption. To address these issues, this study proposes a black-box object detection attack algorithm based on a generative adversarial network. The algorithm uses a generative network fused with an attention mechanism to output the adversarial perturbations and employs the alternative model loss and the category attention loss to optimize the generated network parameters, which can support two scenarios: target attack and vanish attack. A large number of experiments are conducted on the Pascal VOC and MSCOCO datasets. The results demonstrate that the proposed method has a higher black-box transferable attack success rate and can perform transferable attacks between different datasets. © 2024 Chinese Academy of Sciences. All rights reserved.
Pages: 3531 / 3550
Number of pages: 19