Cross-Prompt Adversarial Attack on Segment Anything Model
Authors: 
Yuchen Liu, Pengxu WeiAuthors Info & Claims
Yuchen Liu, Pengxu WeiAuthors Info & ClaimsPages 34 - 39
Abstract
Segment Anything Model (SAM) proposes promptable image segmentation based on various types of prompts like points and boxes. Although SAM presents impressive performance on segmentation and provides unparalleled versatility, it still suffers from the threat of adversarial attacks. In this paper, we investigate the problem of cross-prompt adversarial attacks on SAM, which considers whether the adversarial samples obtained by attacking with one or more prompts can lead to incorrect masks under other unseen test prompts. We analyze the factors influencing cross-prompt attacks and explore attacks on different numbers of prompts. Based on the analysis, we propose Omni-Attack-SAM, an innovative and effective attack method to produce adversarial samples that are transferable to unseen prompts. Our experiments on SA-1B and the Pascal VOC2012 dataset demonstrate that our method can decrease the mIoU value by over 35% compared to existing adversarial attack methods without using the ground truth of images. Additionally, we can also combine our method with the prompt information to achieve superior attack performance in various scenes.
References
[1]
Mark Everingham, SM Ali Eslami, Luc Van Gool, Christopher KI Williams, John Winn, and Andrew Zisserman. 2015. The pascal visual object classes challenge: A retrospective. International journal of computer vision (2015), 98–136.
[2]
Volker Fischer, Mummadi Chaithanya Kumar, Jan Hendrik Metzen, and Thomas Brox. 2017. Adversarial examples for semantic image segmentation. arXiv preprint arXiv:1703.01101 (2017).
[3]
Ian J Goodfellow, Jonathon Shlens, and Christian Szegedy. 2014. Explaining and harnessing adversarial examples. arXiv preprint arXiv:1412.6572 (2014).
[4]
Jindong Gu, Hengshuang Zhao, Volker Tresp, and Philip HS Torr. 2022. Segpgd: An effective and efficient adversarial attack for evaluating and boosting segmentation robustness. In European Conference on Computer Vision. Springer, 308–325.
[5]
Yihao Huang, Yue Cao, Tianlin Li, Felix Juefei-Xu, Di Lin, Ivor W Tsang, Yang Liu, and Qing Guo. 2023. On the robustness of segment anything. arXiv preprint arXiv:2305.16220 (2023).
[6]
Alexander Kirillov, Eric Mintun, Nikhila Ravi, Hanzi Mao, Chloe Rolland, Laura Gustafson, Tete Xiao, Spencer Whitehead, Alexander C Berg, Wan-Yen Lo, 2023. Segment anything. arXiv preprint arXiv:2304.02643 (2023).
[7]
Alexey Kurakin, Ian J Goodfellow, and Samy Bengio. 2018. Adversarial examples in the physical world. In Artificial intelligence safety and security. 99–112.
[8]
Aleksander Madry, Aleksandar Makelov, Ludwig Schmidt, Dimitris Tsipras, and Adrian Vladu. 2018. Towards Deep Learning Models Resistant to Adversarial Attacks. In International Conference on Learning Representations.
[9]
Nicolas Papernot, Patrick McDaniel, Ian Goodfellow, Somesh Jha, Z Berkay Celik, and Ananthram Swami. 2017. Practical black-box attacks against machine learning. In Proceedings of the ACM on Asia conference on computer and communications security. 506–519.
[10]
Christian Szegedy, Wojciech Zaremba, Ilya Sutskever, Joan Bruna, Dumitru Erhan, Ian Goodfellow, and Rob Fergus. 2014. Intriguing properties of neural networks. In International Conference on Learning Representations.
[11]
Yuqing Wang, Yun Zhao, and Linda Petzold. 2023. An empirical study on the robustness of the segment anything model (sam). arXiv preprint arXiv:2305.06422 (2023).
[12]
Chaowei Xiao, Ruizhi Deng, Bo Li, Fisher Yu, Mingyan Liu, and Dawn Song. 2018. Characterizing adversarial examples based on spatial consistency information for semantic segmentation. In European Conference on Computer Vision. 217–234.
[13]
Chenshuang Zhang, Chaoning Zhang, Taegoo Kang, Donghun Kim, Sung-Ho Bae, and In So Kweon. 2023. Attack-sam: Towards evaluating adversarial robustness of segment anything model. arXiv preprint arXiv:2305.00866 (2023).
Index Terms
- Cross-Prompt Adversarial Attack on Segment Anything Model
Recommendations
Adversarial Attack against Modeling Attack on PUFs
DAC '19: Proceedings of the 56th Annual Design Automation Conference 2019The Physical Unclonable Function (PUF) has been proposed for the identification and authentication of devices and cryptographic key generation. A strong PUF provides an extremely large number of device-specific challenge-response pairs (CRP) which can ...
AdvDoor: adversarial backdoor attack of deep learning system
ISSTA 2021: Proceedings of the 30th ACM SIGSOFT International Symposium on Software Testing and AnalysisDeep Learning (DL) system has been widely used in many critical applications, such as autonomous vehicles and unmanned aerial vehicles. However, their security is threatened by backdoor attack, which is achieved by adding artificial patterns on specific ...
A Multi-Task Adversarial Attack against Face Authentication
Deep learning-based identity management systems, such as face authentication systems, are vulnerable to adversarial attacks. However, existing attacks are typically designed for single-task purposes, which means they are tailored to exploit ...
Comments
Information & Contributors
Information
Published In
July 2024
221 pages
ISBN:9798400717109
DOI:10.1145/3688636
Copyright © 2024 ACM.
Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].
Publisher
Association for Computing Machinery
New York, NY, United States
Publication History
Published: 11 October 2024
Check for updates
Author Tags
Qualifiers
- Research-article
- Research
- Refereed limited
Conference
ICCBN 2024
ICCBN 2024: 2024 12th International Conference on Communications and Broadband Networking
July 24 - 27, 2024
Nyingchi, China
Contributors
Other Metrics
Bibliometrics & Citations
Bibliometrics
Article Metrics
- 0Total Citations
- 33Total Downloads
- Downloads (Last 12 months)33
- Downloads (Last 6 weeks)8
Reflects downloads up to 27 Feb 2025
Other Metrics
Citations
View Options
Login options
Check if you have access through your login credentials or your institution to get full access on this article.
Sign inFull Access
View options
View or Download as a PDF file.
PDFeReader
View online with eReader.
eReaderHTML Format
View this article in HTML Format.
HTML Format