Evaluating the Adversarial Robustness of Detection Transformers

TL;DR

This paper thoroughly evaluates the adversarial robustness of detection transformers (DETRs), revealing significant vulnerabilities under various attack methods and highlighting the need for improved defenses in safety-critical applications.

Contribution

It provides the first comprehensive assessment of DETR's susceptibility to adversarial attacks, extending attack methods, and proposing a novel attack tailored for DETR models.

Findings

DETR models are highly vulnerable to adversarial attacks, similar to CNN detectors.

High intra-network transferability among DETR variants, limited cross-network transferability.

Proposed a new untargeted attack exploiting DETR's loss functions.

Abstract

Robust object detection is critical for autonomous driving and mobile robotics, where accurate detection of vehicles, pedestrians, and obstacles is essential for ensuring safety. Despite the advancements in object detection transformers (DETRs), their robustness against adversarial attacks remains underexplored. This paper presents a comprehensive evaluation of DETR model and its variants under both white-box and black-box adversarial attacks, using the MS-COCO and KITTI datasets to cover general and autonomous driving scenarios. We extend prominent white-box attack methods (FGSM, PGD, and CW) to assess DETR vulnerability, demonstrating that DETR models are significantly susceptible to adversarial attacks, similar to traditional CNN-based detectors. Our extensive transferability analysis reveals high intra-network transferability among DETR variants, but limited cross-network transferability to CNN-based models. Additionally, we propose a novel untargeted attack designed specifically for DETR, exploiting its intermediate loss functions to induce misclassification with minimal perturbations. Visualizations of self-attention feature maps provide insights into how adversarial attacks affect the internal representations of DETR models. These findings reveal critical vulnerabilities in detection transformers under standard adversarial attacks, emphasizing the need for future research to enhance the robustness of transformer-based object detectors in safety-critical applications.