Closed-Box Adversarial Attack Method for Object Detection Under Multiview Conditions

IF 8.9 1区计算机科学 Q1 COMPUTER SCIENCE, INFORMATION SYSTEMS

IEEE Internet of Things Journal Pub Date : 2025-03-05 DOI:10.1109/JIOT.2025.3566950

Yun Zhang;Zhenhua Yu;Zheng Yin;Ou Ye;Xuya Cong;Houbing Herbert Song

{"title":"Closed-Box Adversarial Attack Method for Object Detection Under Multiview Conditions","authors":"Yun Zhang;Zhenhua Yu;Zheng Yin;Ou Ye;Xuya Cong;Houbing Herbert Song","doi":"10.1109/JIOT.2025.3566950","DOIUrl":null,"url":null,"abstract":"Deep learning-based object detection has become an important application in industrial IoT. However, studies have shown that adversarial attacks may cause object detection to output incorrect detection results. Such vulnerabilities can threaten the robustness of object detection systems and lead to security problems. To address the issue of low attack effectiveness on target detection from different perspectives using the existing adversarial attack methods, this article proposes an adversarial attack method with multiview adaptive weight-balancing. First, a multiview channel is constructed for training, and the target features under different viewpoints are comprehensively considered to enhance the robustness of the attack method. Then, the model is optimized by combining the model shake drop and patch cut-out algorithms during the training process, so that the attack method no longer relies on a single model, thus enhancing its generalization ability. Finally, by dynamically adjusting the weights of each viewpoint, a weight-balancing strategy is constructed, which adaptively adjusts the preference of different perspectives during the training process to enhance the attack effect of the attack method in each viewpoint. To verify the performance of the method, experiments are conducted on multiple benchmarks, specifically the PKU-Reid dataset. Compared with the mainstream methods, the proposed method improves the attack success rate by 3.78% and 19.26% under glass-box and closed-box conditions, respectively, while reducing the mean average precision of the object detection model by 2.18% and 11.12%, respectively. The experimental results demonstrate that the proposed method effectively enhances attack performance on targets from different viewpoints and exhibits better viewpoint robustness.","PeriodicalId":54347,"journal":{"name":"IEEE Internet of Things Journal","volume":"12 14","pages":"27886-27900"},"PeriodicalIF":8.9000,"publicationDate":"2025-03-05","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"IEEE Internet of Things Journal","FirstCategoryId":"94","ListUrlMain":"https://ieeexplore.ieee.org/document/10985868/","RegionNum":1,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q1","JCRName":"COMPUTER SCIENCE, INFORMATION SYSTEMS","Score":null,"Total":0}

引用次数: 0

Abstract

Deep learning-based object detection has become an important application in industrial IoT. However, studies have shown that adversarial attacks may cause object detection to output incorrect detection results. Such vulnerabilities can threaten the robustness of object detection systems and lead to security problems. To address the issue of low attack effectiveness on target detection from different perspectives using the existing adversarial attack methods, this article proposes an adversarial attack method with multiview adaptive weight-balancing. First, a multiview channel is constructed for training, and the target features under different viewpoints are comprehensively considered to enhance the robustness of the attack method. Then, the model is optimized by combining the model shake drop and patch cut-out algorithms during the training process, so that the attack method no longer relies on a single model, thus enhancing its generalization ability. Finally, by dynamically adjusting the weights of each viewpoint, a weight-balancing strategy is constructed, which adaptively adjusts the preference of different perspectives during the training process to enhance the attack effect of the attack method in each viewpoint. To verify the performance of the method, experiments are conducted on multiple benchmarks, specifically the PKU-Reid dataset. Compared with the mainstream methods, the proposed method improves the attack success rate by 3.78% and 19.26% under glass-box and closed-box conditions, respectively, while reducing the mean average precision of the object detection model by 2.18% and 11.12%, respectively. The experimental results demonstrate that the proposed method effectively enhances attack performance on targets from different viewpoints and exhibits better viewpoint robustness.

查看原文本刊更多论文

多视点条件下目标检测的黑盒对抗攻击方法

基于深度学习的目标检测已成为工业物联网的重要应用。然而，研究表明，对抗性攻击可能会导致目标检测输出错误的检测结果。这些漏洞会威胁到目标检测系统的健壮性并导致安全问题。针对现有对抗性攻击方法从不同角度检测目标时攻击效率较低的问题，提出了一种多视角自适应权重平衡的对抗性攻击方法。首先，构建多视点通道进行训练，综合考虑不同视点下的目标特征，增强攻击方法的鲁棒性；然后，在训练过程中结合模型摇降算法和patch cut-out算法对模型进行优化，使攻击方法不再依赖于单一模型，增强了其泛化能力。最后，通过动态调整各视点的权重，构建权重平衡策略，在训练过程中自适应调整不同视点的偏好，增强攻击方法在各视点的攻击效果。为了验证该方法的性能，在多个基准上进行了实验，特别是在PKU-Reid数据集上。与主流方法相比，该方法在玻璃盒和封闭盒条件下的攻击成功率分别提高了3.78%和19.26%，目标检测模型的平均精度分别降低了2.18%和11.12%。实验结果表明，该方法有效提高了对不同视点目标的攻击性能，具有较好的视点鲁棒性。

本文章由计算机程序翻译，如有差异，请以英文原文为准。

求助全文

约1分钟内获得全文求助全文

来源期刊

IEEE Internet of Things Journal Computer Science-Information Systems

CiteScore

17.60

自引率

13.20%

发文量

1982

期刊介绍： The EEE Internet of Things (IoT) Journal publishes articles and review articles covering various aspects of IoT, including IoT system architecture, IoT enabling technologies, IoT communication and networking protocols such as network coding, and IoT services and applications. Topics encompass IoT's impacts on sensor technologies, big data management, and future internet design for applications like smart cities and smart homes. Fields of interest include IoT architecture such as things-centric, data-centric, service-oriented IoT architecture; IoT enabling technologies and systematic integration such as sensor technologies, big sensor data management, and future Internet design for IoT; IoT services, applications, and test-beds such as IoT service middleware, IoT application programming interface (API), IoT application design, and IoT trials/experiments; IoT standardization activities and technology development in different standard development organizations (SDO) such as IEEE, IETF, ITU, 3GPP, ETSI, etc.