Semantically Stealthy Adversarial Attacks against Segmentation Models

TL;DR

This paper introduces semantically stealthy adversarial attacks on segmentation models that manipulate specific labels while maintaining the integrity of others, using prior knowledge and feature regularization to achieve high success rates across datasets.

Contribution

The paper proposes a novel method for generating stealthy adversarial attacks on segmentation models that are semantically meaningful and transferable across datasets and models.

Findings

High attack success rate on Cityscapes, Mapillary, and BDD100K datasets.

Effective across different models and datasets.

Maintains non-targeted labels while manipulating targeted ones.

Abstract

Segmentation models have been found to be vulnerable to targeted and non-targeted adversarial attacks. However, the resulting segmentation outputs are often so damaged that it is easy to spot an attack. In this paper, we propose semantically stealthy adversarial attacks which can manipulate targeted labels while preserving non-targeted labels at the same time. One challenge is making semantically meaningful manipulations across datasets and models. Another challenge is avoiding damaging non-targeted labels. To solve these challenges, we consider each input image as prior knowledge to generate perturbations. We also design a special regularizer to help extract features. To evaluate our model's performance, we design three basic attack types, namely `vanishing into the context,' `embedding fake labels,' and `displacing target objects.' Our experiments show that our stealthy adversarial model can attack segmentation models with a relatively high success rate on Cityscapes, Mapillary, and BDD100K. Our framework shows good empirical generalization across datasets and models.