On Feasibility of Intent Obfuscating Attacks

TL;DR

This paper introduces a novel method of intent obfuscation in adversarial attacks on object detectors, using perturbations on non-target objects to hide the attacker's true target, with successful results across multiple models.

Contribution

It is the first to propose and empirically validate intent obfuscation techniques for generating adversarial examples against object detection systems.

Findings

Achieved high success rates on five prominent object detectors.

Identified key success factors like target confidence and perturb object size.

Demonstrated that exploiting these factors increases attack success.

Abstract

Intent obfuscation is a common tactic in adversarial situations, enabling the attacker to both manipulate the target system and avoid culpability. Surprisingly, it has rarely been implemented in adversarial attacks on machine learning systems. We are the first to propose using intent obfuscation to generate adversarial examples for object detectors: by perturbing another non-overlapping object to disrupt the target object, the attacker hides their intended target. We conduct a randomized experiment on 5 prominent detectors -- YOLOv3, SSD, RetinaNet, Faster R-CNN, and Cascade R-CNN -- using both targeted and untargeted attacks and achieve success on all models and attacks. We analyze the success factors characterizing intent obfuscating attacks, including target object confidence and perturb object sizes. We then demonstrate that the attacker can exploit these success factors to increase success rates for all models and attacks. Finally, we discuss main takeaways and legal repercussions.