skip to main content
10.1145/3588155.3588183acmotherconferencesArticle/Chapter ViewAbstractPublication PagesapitConference Proceedingsconference-collections
research-article

An Adversarial Attack Considering Effectiveness and Concealment on Faster R-CNN

Published: 12 June 2023 Publication History

Abstract

A well-designed adversarial attack method can expose the security vulnerabilities of the deep neural network models, thus providing support examples for defense strategies such as adversarial training. This paper investigates the adversarial attack against the object detection model Faster R-CNN. First, this work takes Faster R-CNN as a target model and formulates the adversarial attack as a multi-objective optimization problem. Second, a constrain considering perturbation magnitude, class label scores and bounding boxes coordinates is introduced to guarantee effectiveness and concealment of the attack. Finally, the proposed method is verified on two benchmark datasets for object detection. The experimental results show that the generated adversarial examples can reduce the @[.5,.95] of Faster R-CNN from 39.9% to 0.8% and 35.0% to 0.1% on MSCOCO2017 and TT100K, respectively. In addition, the generated perturbation achieves considerable concealment, where the average of perturbation magnitude in L1 norm only reaches 13.99 and 0.71 on the two benchmark datasets.

References

[1]
He, Kaiming, X. Zhang, Shaoqing Ren and Jian Sun. 2016. “Deep residual learning for image recognition,” 2016 IEEE Conference on Computer Vision and Pattern Recognition, pp. 770–778.
[2]
Chang, P ., Tony T Wong and M. J. Rasiej. 2019. “Deep learning for detection of complete anterior cruciate ligament tear,” Journal of Digital Imaging, pp. 1–7.
[3]
Wang, D., Wei, H., Zhang, Z., Huang, S., Xie, J., Luo, W., & Chen, J. 2022. Non-Parametric Online Learning from Human Feedback for Neural Machine Translation. AAAI.
[4]
ZHANG C, LUO K, GU S., 2021. Caps-YOLO: Pedestrian Detection Method of Complex Posture Combined with Capsules Network[J]. Journal of Flow Visualization and Image Processing, 28(3):41-69.
[5]
LIU S, GENG Y, SONG Y, 2021. Research on Small Target Pedestrian Detection Algorithm Based on Improved YOLOv3[C] //International Conference on Genetic and Evolutionary Computing. Springer, Singapore,:203-214.
[6]
YI Z, YONGLIANG S. 2019. JUN Z. An improved tiny-yolov3 pedestrian detection algorithm[J]. Optik, 183:17-23
[7]
JENSEN M B, NASROLLAHI K, MOESLUND T B. 2017. Evaluating state-of-the-art object detector on challenging traffic light data[C]//Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition Workshops, 9-15.
[8]
POSSATTI L C, GUIDOLINI R, CARDOSO V B, 14-19 July 2019, Traffic light recognition using deep learning and prior maps for autonomous cars[C] //2019 international joint conference on neural networks (IJCNN). Budapest, Hungary. IEEE, 1-8.
[9]
GAO H, WANG W, YANG C, 2021. Traffic signal image detection technology based on YOLO[C]//Journal of Physics: Conference Series. IOP Publishing, Guangzhou, China, 012012.
[10]
ZHANG J, HUANG M, JIN X, 2017. A real-time Chinese traffic sign detection algorithm based on modified YOLOv2[J]. Algorithms, 10(4):127.
[11]
YANG W, ZHANG W. 2020. Real-time Traffic Signs Detection Based on YOLO Network Model[C] //2020 International Conference on CyberEnabled Distributed Computing and Knowledge Discovery (CyberC). Chongqing, China.29-30 Oct. 2020 IEEE, 354-357.
[12]
DEWI C, CHEN R-C, LIU Y-T, 2021. Yolo V4 for advanced traffic sign recognition with synthetic training data generated by various GAN[J]. IEEE Access, 9:97228-97242
[13]
Pei K, Cao Y, Yang J, 2017. Towards practical verification of machine learning: The case of computer vision systems[J]. arXiv preprint arXiv:1712.01785.
[14]
Szegedy, Christian, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, D. Erhan, I. Goodfellow and R. Fergus, 2014. “Intriguing properties of neural networks,” CoRR abs/1312.6199.
[15]
Goodfellow, I., Jonathon Shlens and Christian Szegedy. 2015. “Explaining and harnessing adversarial examples,” CoRR abs/1412.6572.
[16]
Madry, A., Aleksandar Makelov, Ludwig Schmidt, D. Tsipras and Adrian Vladu. 2018. “Towards deep learning models resistant to adversarial attacks,” ArXiv abs/1706.06083.
[17]
Carlini, Nicholas and David A. Wagner, 2017. “Towards evaluating the robustness of neural networks,” IEEE Symposium on Security and Privacy (SP), pp. 39-57.
[18]
Zou Z, Shi Z, Guo Y, 2019. Object Detection in 20 Years: A Survey[J].
[19]
Zeiler, Matthew D. and Rob Fergus. 2013. “Stochastic Pooling for Regularization of Deep Convolutional Neural Networks.” CoRR abs/1301.3557 (2013): n. pag.
[20]
Xie C, Wang J, Zhang Z, 2017. Adversarial Examples for Semantic Segmentation and Object Detection[J]. IEEE Computer Society, 1378-1387.
[21]
Wei X, Liang S, Chen N, 2018. Transferable Adversarial Attacks for Image and Video Object Detection[C].
[22]
Li Y, Tian D, Mingching-Chang, 2018. Robust Adversarial Perturbation on Deep Proposal-based Models[J].
[23]
Wang D, Li C, Wen S, 2019. Daedalus: Breaking Non-Maximum Suppression in Object Detection via Adversarial Examples[J].
[24]
J. Liu, Y. Wang, Y. Yin, Y. Hu, H. Chen and X. Gong, 2021, "Adversarial Attacks on Faster R-CNN: Design and Ablation Study," 2021 China Automation Congress (CAC), pp. 7395-7400.
[25]
Ren S, He K, Girshick R, 2016, Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks[C]// NIPS.
[26]
Lin, Tsung-Yi, M. Maire, Serge J. Belongie, James Hays, P . Perona, D.Ramanan, Piotr Dollár and C. L. Zitnick, 2014, “Microsoft COCO: Common objects in context,” ECCV
[27]
Z. Zhu, D. Liang, S. Zhang, X. Huang, B. Li and S. Hu, 2016, "Traffic-Sign Detection and Classification in the Wild," 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pp. 2110-2118.

Index Terms

  1. An Adversarial Attack Considering Effectiveness and Concealment on Faster R-CNN

    Recommendations

    Comments

    Information & Contributors

    Information

    Published In

    cover image ACM Other conferences
    APIT '23: Proceedings of the 2023 5th Asia Pacific Information Technology Conference
    February 2023
    192 pages
    ISBN:9781450399500
    DOI:10.1145/3588155
    Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

    Publisher

    Association for Computing Machinery

    New York, NY, United States

    Publication History

    Published: 12 June 2023

    Permissions

    Request permissions for this article.

    Check for updates

    Qualifiers

    • Research-article
    • Research
    • Refereed limited

    Conference

    APIT 2023
    APIT 2023: 2023 5th Asia Pacific Information Technology Conference
    February 9 - 11, 2023
    Ho Chi Minh City, Vietnam

    Contributors

    Other Metrics

    Bibliometrics & Citations

    Bibliometrics

    Article Metrics

    • 0
      Total Citations
    • 49
      Total Downloads
    • Downloads (Last 12 months)18
    • Downloads (Last 6 weeks)0
    Reflects downloads up to 20 Feb 2025

    Other Metrics

    Citations

    View Options

    Login options

    View options

    PDF

    View or Download as a PDF file.

    PDF

    eReader

    View online with eReader.

    eReader

    HTML Format

    View this article in HTML Format.

    HTML Format

    Figures

    Tables

    Media

    Share

    Share

    Share this Publication link

    Share on social media