PB-UAP: Hybrid Universal Adversarial Attack For Image Segmentation

TL;DR

This paper introduces PB-UAP, a novel universal adversarial attack method for image segmentation models that leverages dual feature separation and low-frequency scattering to achieve high success and transferability.

Contribution

The paper presents a new universal adversarial attack technique specifically designed for segmentation models, incorporating dual feature separation and frequency domain guidance.

Findings

Achieves higher attack success rates than existing methods.

Exhibits strong transferability across different segmentation models.

Effectively fools segmentation models in both pixel and frequency domains.

Abstract

With the rapid advancement of deep learning, the model robustness has become a significant research hotspot, \ie, adversarial attacks on deep neural networks. Existing works primarily focus on image classification tasks, aiming to alter the model's predicted labels. Due to the output complexity and deeper network architectures, research on adversarial examples for segmentation models is still limited, particularly for universal adversarial perturbations. In this paper, we propose a novel universal adversarial attack method designed for segmentation models, which includes dual feature separation and low-frequency scattering modules. The two modules guide the training of adversarial examples in the pixel and frequency space, respectively. Experiments demonstrate that our method achieves high attack success rates surpassing the state-of-the-art methods, and exhibits strong transferability across different models.