A Human-in-the-Middle Attack against Object Detection Systems

TL;DR

This paper introduces a novel hardware-based Man-in-the-Middle attack on object detection systems that uses universal adversarial perturbations, revealing significant vulnerabilities in safety-critical applications like autonomous driving.

Contribution

The paper presents a new hardware attack method that injects universal adversarial perturbations between the camera and detection system, challenging previous assumptions about attack limitations.

Findings

The attack significantly degrades detection accuracy.

Proposed evaluation metrics better measure attack effectiveness.

Vulnerabilities pose risks for safety-critical systems.

Abstract

Object detection systems using deep learning models have become increasingly popular in robotics thanks to the rising power of CPUs and GPUs in embedded systems. However, these models are susceptible to adversarial attacks. While some attacks are limited by strict assumptions on access to the detection system, we propose a novel hardware attack inspired by Man-in-the-Middle attacks in cryptography. This attack generates a Universal Adversarial Perturbations (UAP) and injects the perturbation between the USB camera and the detection system via a hardware attack. Besides, prior research is misled by an evaluation metric that measures the model accuracy rather than the attack performance. In combination with our proposed evaluation metrics, we significantly increased the strength of adversarial perturbations. These findings raise serious concerns for applications of deep learning models in safety-critical systems, such as autonomous driving.