skip to main content
10.1145/3652628.3652785acmotherconferencesArticle/Chapter ViewAbstractPublication PagesicaiceConference Proceedingsconference-collections
research-article

Towards a SSIM based Imperceptible Adversarial Attack Approach for Object Detection

Published: 23 May 2024 Publication History

Abstract

To address the problem of poor imperceptibility in the current adversarial attack methods, a Structure Similarity Index Metric (SSIM) based imperceptibility oriented adversarial attack method for object detection is proposed. This method is an iterative white box adversarial attack process based on sensitivity analysis. In each iteration, the vanishing loss and the structural similarity value between the adversarial sample and the original image are calculated and gradient backpropagation is performed. The gradient direction contains components that are beneficial for improving image structure similarity index. The experimental results show that under the condition of white box attack Faster RCNN, compared to RPAttack, aDPAttack, gDPAttack and PGD, the reduction rates of this method in LPAD, TV distance and Wasserstein distance exceed 29%, 1.6% and 27.2% respectively.

References

[1]
Fashan Dong, Binyue Deng, Haiyang Yu, Wenrong Xie, Huawei Xu, and Zhaoquan Gu. 2022. An Asterisk-shaped Patch Attack for Object Detection. In 2022 7th IEEE International Conference on Data Science in Cyberspace (DSC), IEEE, 126–133.
[2]
Hao Huang, Yongtao Wang, Zhaoyu Chen, Zhi Tang, Wenqiang Zhang, and Kai-Kuang Ma. 2021. Rpattack: Refined Patch Attack on General Object Detectors. In 2021 IEEE International Conference on Multimedia and Expo (ICME), IEEE, 1–6.
[3]
Shudeng Wu, Tao Dai, and Shu-Tao Xia. 2020. Dpattack: Diffused patch attacks against universal object detection. arXiv preprint. Retrieved from https://arxiv.org/abs/2010.11679
[4]
Omid Mohamad Nezami, Akshay Chaturvedi, Mark Dras, and Utpal Garain. 2021. Pick-Object-Attack: Type-specific adversarial attack for object detection. Comput. Vis. Image Underst. 211, (October 2021), 103257.
[5]
Shaoqing Ren, Kaiming He, Ross Girshick, and Jian Sun. 2017. Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks. IEEE Trans. Pattern Anal. Mach. Intell. 39, 6 (June 2017), 1137–1149.
[6]
Shen Wang and Yuxin Gong. 2022. Adversarial example detection based on saliency map features. Appl. Intell. 52, 6 (April 2022), 6262–6275.
[7]
Debang Li, Junge Zhang, and Kaiqi Huang. 2021. Universal adversarial perturbations against object detection. Pattern Recognit. 110, (February 2021), 107584.
[8]
Xingxing Wei, Siyuan Liang, Ning Chen, and Xiaochun Cao. 2019. Transferable Adversarial Attacks for Image and Video Object Detection. arXiv preprint. doi.org/https://doi.org/10.48550/arXiv.1811.12641
[9]
Alexey Bochkovskiy, Chien-Yao Wang, and Hong-Yuan Mark Liao. 2020. Yolov4: Optimal speed and accuracy of object detection. Retrieved from https://arxiv.org/abs/2004.10934.
[10]
Sara Sabour, Yanshuai Cao, Fartash Faghri, and David J. Fleet. 2016. Adversarial manipulation of deep representations. Retrieved from https://arxiv.org/abs/1511.05122
[11]
Andras Rozsa, Ethan M Rudd, and Terrance E Boult. 2016. Adversarial Diversity and Hard Positive Generation. In 2016 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW), IEEE, 410–417.
[12]
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards deep learning models resistant to adversarial attacks. Retrieved from https://arxiv.org/abs/1706.06083
[13]
Ian J. Goodfellow, Jonathon Shlens, and Christian Szegedy. 2015. Explaining and Harnessing Adversarial Examples. Retrieved from https://arxiv.org/abs/1412.6572
[14]
Zhou Wang, A.C. Bovik, H.R. Sheikh, and E.P. Simoncelli. 2004. Image Quality Assessment: From Error Visibility to Structural Similarity. IEEE Trans. Image Process. 13, 4 (April 2004), 600–612.
[15]
Xiaofeng Mao, Yuefeng Chen, Ranjie Duan, Yao Zhu, Gege Qi, Shaokai Ye, Xiaodan Li, Rong Zhang, and Hui Xue. 2022. Enhance the Visual Representation via Discrete Adversarial Training. Retrieved from https://arxiv.org/abs/2209.07735
[16]
Martin Arjovsky, Soumith Chintala, and Léon Bottou. 2017. Wasserstein GAN. Retrieved from https://arxiv.org/abs/1701.07875
[17]
T Contributors. 2022. Adversarial samples using FGSM| TensorFlow Core. Retrieved from https://tensorflow.google.cn/tutorials/generative/adversarial_fgsm?hl=zh-cn.
[18]
Tsung-Yi Lin, Michael Maire, Serge Belongie, James Hays, Pietro Perona, Deva Ramanan, Piotr Dollár, and C. Lawrence Zitnick. 2014. Microsoft COCO: Common Objects in Context. In CoRR. 740–755.

Recommendations

Comments

Information & Contributors

Information

Published In

cover image ACM Other conferences
ICAICE '23: Proceedings of the 4th International Conference on Artificial Intelligence and Computer Engineering
November 2023
1263 pages
ISBN:9798400708831
DOI:10.1145/3652628
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 23 May 2024

Permissions

Request permissions for this article.

Check for updates

Qualifiers

  • Research-article
  • Research
  • Refereed limited

Funding Sources

  • Grant from the State Grid Gansu Electric Power Company Electric Power Scientific Research Institute

Conference

ICAICE 2023

Contributors

Other Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

  • 0
    Total Citations
  • 27
    Total Downloads
  • Downloads (Last 12 months)27
  • Downloads (Last 6 weeks)7
Reflects downloads up to 13 Feb 2025

Other Metrics

Citations

View Options

Login options

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

HTML Format

View this article in HTML Format.

HTML Format

Figures

Tables

Media

Share

Share

Share this Publication link

Share on social media