ALA: Adversarial Lightness Attack via Naturalness-aware Regularizations

Liangru, Sun,; Juefei-Xu, Felix; Huang, Yihao; Guo, Qi; Zhu, Jihong; Feng, Jianmei; Liu, Yang; Pu, Geguang

doi:10.48550/arxiv.2201.06070

Cited by 1 publication

(1 citation statement)

References 5 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…We hope the comprehensive analysis of adversarial robustness and corruption robustness on SAM can promote further study on the security of foundation models. In future work, we aim to evaluate the robustness of SAM against corruptionbased adversarial attacks [33], [34], [35], [36].…”

Section: Discussionmentioning

confidence: 99%

FakeLocator: Robust Localization of GAN-Based Face Manipulations

Huang

Juefei-Xu

Guo

et al. 2022

IEEE Trans.Inform.Forensic Secur.

View full text Add to dashboard Cite

Segment anything model (SAM) has presented impressive objectness identification capability with the idea of prompt learning and a new collected large-scale dataset. Given a prompt (e.g., points, bounding boxes, or masks) and an input image, SAM is able to generate valid segment masks for all objects indicated by the prompts, presenting high generalization across diverse scenarios and being a general method for zero-shot transfer to downstream vision tasks. Nevertheless, it remains unclear whether SAM may introduce errors in certain threatening scenarios. Clarifying this is of significant importance for applications that require robustness, such as autonomous vehicles. In this paper, we aim to study the testing-time robustness of SAM under adversarial scenarios and common corruptions. To this end, we first build a testing-time robustness evaluation benchmark for SAM by integrating existing public datasets. Second, we extend representative adversarial attacks against SAM and study the influence of different prompts on robustness. Third, we study the robustness of SAM under diverse corruption types by evaluating SAM on corrupted datasets with different prompts. With experiments conducted on SA-1B and KITTI datasets, we find that SAM exhibits remarkable robustness against various corruptions, except for blur-related corruption. Furthermore, SAM remains susceptible to adversarial attacks, particularly when subjected to PGD and BIM attacks. We think such a comprehensive study could highlight the importance of the robustness issues of SAM and trigger a series of new tasks for SAM as well as downstream vision tasks.

show abstract