Robust Adversarial Perturbation on Deep Proposal-based Models
Yuezun Li, Daniel Tian, Ming-Ching Chang, Xiao Bian, Siwei Lyu
TL;DR
This paper introduces a robust adversarial perturbation method targeting the Region Proposal Network in deep object detectors and segmentation models, effectively degrading their performance in black-box settings.
Contribution
It proposes a novel loss function combining label and shape losses, optimized via a gradient-based iterative algorithm for universal attacks.
Findings
Successfully attacks 6 state-of-the-art detectors
Degrades performance in black-box scenarios
Effective on MS COCO 2014 dataset
Abstract
Adversarial noises are useful tools to probe the weakness of deep learning based computer vision algorithms. In this paper, we describe a robust adversarial perturbation (R-AP) method to attack deep proposal-based object detectors and instance segmentation algorithms. Our method focuses on attacking the common component in these algorithms, namely Region Proposal Network (RPN), to universally degrade their performance in a black-box fashion. To do so, we design a loss function that combines a label loss and a novel shape loss, and optimize it with respect to image using a gradient based iterative algorithm. Evaluations are performed on the MS COCO 2014 dataset for the adversarial attacking of 6 state-of-the-art object detectors and 2 instance segmentation algorithms. Experimental results demonstrate the efficacy of the proposed method.
Peer Reviews
No public reviews on file for this paper yet. If you reviewed it on a platform where reviews are public (OpenReview, ICLR, NeurIPS, ICML), you can paste yours below so the community can read it here.
Videos
No videos yet. Explain this paper in a talk, walkthrough, or lecture? Add one.
Taxonomy
TopicsAdversarial Robustness in Machine Learning · Anomaly Detection Techniques and Applications · Bacillus and Francisella bacterial research