Adversarial Patch Attacks and Defences in Vision-Based Tasks: A Survey

Sharma, Abhijith; Bian, Yijun; Munz, Phil; Narayan, Apurva

doi:10.36227/techrxiv.20085902.v1

Cited by 11 publications

(13 citation statements)

References 2 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…To address the above challenges and generate 3D adversarial examples in driving scenarios, we build Adv3D upon recent advances in NeRF [38] that provide both differentiable rendering and realistic synthesis. In order to generate physically realizable attacks, we model Adv3D in a patch-attack [44] manner and use an optimization-based approach that starts with a realistic NeRF object [29] to learn its 3D adversarial texture. We optimize the adversarial texture to minimize the predicted confidence of all objects in the scenes, while keeping shape unchanged.…”

Section: Transferabilitymentioning

confidence: 99%

Efficiently generating sentence-level textual adversarial examples with Seq2seq Stacked Auto-Encoder

Zhang

et al. 2023

Expert Systems with Applications

View full text Add to dashboard Cite

Section: Transferabilitymentioning

confidence: 99%

Efficiently generating sentence-level textual adversarial examples with Seq2seq Stacked Auto-Encoder

Zhang

et al. 2023

Expert Systems with Applications

View full text Add to dashboard Cite

“…The numerous proposals of varied corruption in recent years necessitate robust model training. Eventually, the concern over the inconsistent behavior gave rise to several defense methodologies [19], [20], [21]. A defense can be broadly classified as either model agnostic (e.g., using saliency map) [22], [23] or model dependent (adversarial training) [9] where the network weights are learned to tackle the corruption.…”

Section: Naturalmentioning

confidence: 99%

NSA: Naturalistic Support Artifact to Boost Network Confidence

Sharma

Munz²,

Narayan

2023

2023 International Joint Conference on Neural Networks (IJCNN)

View full text Add to dashboard Cite

Visual AI systems are vulnerable to natural and synthetic physical corruption in the real-world. Such corruption often arises unexpectedly and alters the model's performance. In recent years, the primary focus has been on adversarial attacks. However, natural corruptions (e.g., snow, fog, dust) are an omnipresent threat to visual AI systems and should be considered equally important. Many existing works propose interesting solutions to train robust models against natural corruption. These works either leverage image augmentations, which come with the additional cost of model training, or place suspicious patches in the scene to design unadversarial examples. In this work, we propose the idea of naturalistic support artifacts (NSA) for robust prediction. The NSAs are shown to be beneficial in scenarios where model parameters are inaccessible and adding artifacts in the scene is feasible. The NSAs are natural looking objects generated through artifact training using DC-GAN to have high visual fidelity in the scene. We test against natural corruptions on the Imagenette dataset and observe the improvement in prediction confidence score by four times. We also demonstrate NSA's capability to increase adversarial accuracy by 8% on average. Lastly, we qualitatively analyze NSAs using saliency maps to understand how they help improve prediction confidence.

show abstract

“…[20,[22][23][24][25] reviewed the development of adversarial attack and defense methods against DNNs at different periods. Some surveys only focus on the specific task, such as image classification [26], adversarial patch [27]. However, these surveys mainly provide an overall view of the adversarial attack and defense in the specific research area or a roughly overall perspective.…”

Section: Introductionmentioning

confidence: 99%

A Survey on Physical Adversarial Attack in Computer Vision

Wang¹,

Wen²,

Jiang³

et al. 2023

Preprint

View full text Add to dashboard Cite

In the past decade, deep learning has dramatically changed the traditional hand-craft feature manner with strong feature learning capability, promoting the tremendous improvement of conventional tasks. However, deep neural networks (DNNs) have been demonstrated to be vulnerable to adversarial examples crafted by small noise, which is imperceptible to human observers but can make DNNs misbehave. Existing adversarial attacks can be divided into digital and physical adversarial attacks. The former is designed to pursue strong attack performance in lab environments while hardly remaining effective when applied to the physical world. In contrast, the latter focus on developing physical deployable attacks, which are more robust in complex physical environmental conditions (e.g., brightness, occlusion, etc.). Recently, with the increasing deployment of the DNN-based system in the real world, enhancing the robustness of these systems is an emergency, while exploring physical adversarial attacks exhaustly is the precondition. To this end, this paper reviews the development of physical adversarial attacks against DNN-based computer vision tasks (i.e., image recognition and object detection tasks), which can provide beneficial information for developing stronger physical adversarial attacks. For completeness, we also briefly introduce the works that do not involve physical attacks but are closely related to them. Specifically, we first proposed a taxonomy to summarize the current physical adversarial attacks. Then we briefly discuss the existing physical attacks and focus on the technique for improving the robustness of physical attacks under complex physical environmental conditions. Finally, we discuss the issues of the current physical adversarial attacks to be solved and give promising directions.

show abstract

Adversarial Patch Attacks and Defences in Vision-Based Tasks: A Survey

Cited by 11 publications

References 2 publications

Efficiently generating sentence-level textual adversarial examples with Seq2seq Stacked Auto-Encoder

Efficiently generating sentence-level textual adversarial examples with Seq2seq Stacked Auto-Encoder

NSA: Naturalistic Support Artifact to Boost Network Confidence

A Survey on Physical Adversarial Attack in Computer Vision

Contact Info

Product

Resources

About