Multi-Expert Adversarial Attack Detection in Person Re-identification Using Context Inconsistency

TL;DR

This paper introduces MEAAD, a novel method for detecting adversarial attacks in person re-identification systems by analyzing context inconsistencies, achieving high accuracy across multiple datasets.

Contribution

The paper proposes the first adversarial attack detection method for ReID systems using context inconsistency analysis, applicable to any DNN-based ReID model.

Findings

Achieves over 97.5% ROC-AUC in detecting adversarial attacks

Effective across multiple datasets like Market1501 and DukeMTMC-ReID

Detects various types of adversarial perturbations

Abstract

The success of deep neural networks (DNNs) has promoted the widespread applications of person re-identification (ReID). However, ReID systems inherit the vulnerability of DNNs to malicious attacks of visually inconspicuous adversarial perturbations. Detection of adversarial attacks is, therefore, a fundamental requirement for robust ReID systems. In this work, we propose a Multi-Expert Adversarial Attack Detection (MEAAD) approach to achieve this goal by checking context inconsistency, which is suitable for any DNN-based ReID systems. Specifically, three kinds of context inconsistencies caused by adversarial attacks are employed to learn a detector for distinguishing the perturbed examples, i.e., a) the embedding distances between a perturbed query person image and its top-K retrievals are generally larger than those between a benign query image and its top-K retrievals, b) the embedding distances among the top-K retrievals of a perturbed query image are larger than those of a benign query image, c) the top-K retrievals of a benign query image obtained with multiple expert ReID models tend to be consistent, which is not preserved when attacks are present. Extensive experiments on the Market1501 and DukeMTMC-ReID datasets show that, as the first adversarial attack detection approach for ReID, MEAAD effectively detects various adversarial attacks and achieves high ROC-AUC (over 97.5%).