Adversarial Examples that Fool Detectors
read the original abstract
An adversarial example is an example that has been adjusted to produce a wrong label when presented to a system at test time. To date, adversarial example constructions have been demonstrated for classifiers, but not for detectors. If adversarial examples that could fool a detector exist, they could be used to (for example) maliciously create security hazards on roads populated with smart vehicles. In this paper, we demonstrate a construction that successfully fools two standard detectors, Faster RCNN and YOLO. The existence of such examples is surprising, as attacking a classifier is very different from attacking a detector, and that the structure of detectors - which must search for their own bounding box, and which cannot estimate that box very accurately - makes it quite likely that adversarial patterns are strongly disrupted. We show that our construction produces adversarial examples that generalize well across sequences digitally, even though large perturbations are needed. We also show that our construction yields physical objects that are adversarial.
This paper has not been read by Pith yet.
Forward citations
Cited by 2 Pith papers
-
Hiding Faces in Plain Sight: Disrupting AI Face Synthesis with Adversarial Perturbations
Adversarial perturbations disrupt DNN-based face detectors under white-box, gray-box, and black-box settings to sabotage training data for AI face synthesis.
-
Towards Adversarially Robust Object Detection
Develops a multi-task learning based adversarial training approach to improve robustness of object detectors to adversarial attacks, with experiments on PASCAL-VOC and MS-COCO.
discussion (0)
Sign in with ORCID, Apple, or X to comment. Anyone can read and Pith papers without signing in.