
Adversarial Infrared Geometry: Using Geometry to Perform Adversarial Attack against Infrared Pedestrian Detectors (2403.03674v1)

Published 6 Mar 2024 in cs.CV

Abstract: Currently, infrared imaging technology enjoys widespread usage, with infrared object detection technology experiencing a surge in prominence. While previous studies have delved into physical attacks on infrared object detectors, the implementation of these techniques remains complex. For instance, some approaches entail the use of bulb boards or infrared QR suits as perturbations to execute attacks, which entail costly optimization and cumbersome deployment processes. Other methodologies involve the utilization of irregular aerogel as physical perturbations for infrared attacks, albeit at the expense of optimization expenses and perceptibility issues. In this study, we propose a novel infrared physical attack termed Adversarial Infrared Geometry (AdvIG), which facilitates efficient black-box query attacks by modeling diverse geometric shapes (lines, triangles, ellipses) and optimizing their physical parameters using Particle Swarm Optimization (PSO). Extensive experiments are conducted to evaluate the effectiveness, stealthiness, and robustness of AdvIG. In digital attack experiments, line, triangle, and ellipse patterns achieve attack success rates of 93.1%, 86.8%, and 100.0%, respectively, with average query times of 71.7, 113.1, and 2.57, respectively, thereby confirming the efficiency of AdvIG. Physical attack experiments are conducted to assess the attack success rate of AdvIG at different distances. On average, the line, triangle, and ellipse achieve attack success rates of 61.1%, 61.2%, and 96.2%, respectively. Further experiments are conducted to comprehensively analyze AdvIG, including ablation experiments, transfer attack experiments, and adversarial defense mechanisms. Given the superior performance of our method as a simple and efficient black-box adversarial attack in both digital and physical environments, we advocate for widespread attention to AdvIG.

