Multiclass ASMA vs Targeted PGD Attack in Image Segmentation

TL;DR

This paper compares the effectiveness of the PGD and ASMA adversarial attacks on DeepLabV3 image segmentation models with MobileNetV3 and ResNet50 architectures, highlighting PGD's higher consistency in targeted attacks.

Contribution

It provides a comparative analysis of PGD and ASMA attacks on segmentation models, revealing PGD's superior effectiveness in targeted adversarial attacks.

Findings

PGD consistently changes segmentation to target.

ASMA's multiclass generalization is less effective.

Adversarial attacks threaten deep learning image segmentation.

Abstract

Deep learning networks have demonstrated high performance in a large variety of applications, such as image classification, speech recognition, and natural language processing. However, there exists a major vulnerability exploited by the use of adversarial attacks. An adversarial attack imputes images by altering the input image very slightly, making it nearly undetectable to the naked eye, but results in a very different classification by the network. This paper explores the projected gradient descent (PGD) attack and the Adaptive Mask Segmentation Attack (ASMA) on the image segmentation DeepLabV3 model using two types of architectures: MobileNetV3 and ResNet50, It was found that PGD was very consistent in changing the segmentation to be its target while the generalization of ASMA to a multiclass target was not as effective. The existence of such attack however puts all of image classification deep learning networks in danger of exploitation.