Role of Spatial Context in Adversarial Robustness for Object Detection

TL;DR

This paper investigates how spatial context can be exploited by adversarial patches to fool object detectors like YOLO, and proposes training strategies to improve robustness against such attacks.

Contribution

It introduces category-specific adversarial patches that deceive detectors and demonstrates that reducing spatial context during training enhances robustness.

Findings

Adversarial patches can fool object detectors without overlapping objects.

Limiting spatial context during training improves robustness.

Context-based adversarial attacks pose a significant threat to detection systems.

Abstract

The benefits of utilizing spatial context in fast object detection algorithms have been studied extensively. Detectors increase inference speed by doing a single forward pass per image which means they implicitly use contextual reasoning for their predictions. However, one can show that an adversary can design adversarial patches which do not overlap with any objects of interest in the scene and exploit contextual reasoning to fool standard detectors. In this paper, we examine this problem and design category specific adversarial patches which make a widely used object detector like YOLO blind to an attacker chosen object category. We also show that limiting the use of spatial context during object detector training improves robustness to such adversaries. We believe the existence of context based adversarial attacks is concerning since the adversarial patch can affect predictions without being in vicinity of any objects of interest. Hence, defending against such attacks becomes challenging and we urge the research community to give attention to this vulnerability.