Zimin Mao, Shuiyan Chen, Zhuang Miao, Heng Li, Beihao Xia, Junzhe Cai, Wei Yuan, Xinge You
Computers & Security, Journal Article, published 2024-08-19. DOI: 10.1016/j.cose.2024.104066. https://www.sciencedirect.com/science/article/pii/S0167404824003717
Enhancing robustness of person detection: A universal defense filter against adversarial patch attacks
Person detection is one of the most popular object detection applications and has been widely used in safety-critical systems such as autonomous driving. However, recent studies have revealed that person detectors are vulnerable to physical adversarial patch attacks and may suffer detection failure. Data-side defense is an effective approach to address this issue, owing to its low computational cost and ease of deployment. However, existing data-side defenses have limited effectiveness in resisting adaptive patch attacks. To overcome this challenge, we propose a new data-side defense, called Universal Defense Filter (UDFilter). UDFilter covers the input images with an equal-size defense filter to weaken the negative impact of adversarial patches. The defense filter is generated using a self-adaptive learning algorithm that facilitates iterative competition between the adversarial patch and the defense filter, thus bolstering UDFilter’s ability to defend against adaptive attacks. Furthermore, to maintain clean performance, we propose a plug-and-play Joint Detection Strategy (JDS) for the model testing phase. Extensive experiments have shown that UDFilter can significantly enhance the robustness of person detection against adversarial patch attacks. Moreover, UDFilter does not result in a discernible reduction in the model’s clean performance.
About the journal:
Computers & Security is the most respected technical journal in the IT security field. With its high-profile editorial board and informative regular features and columns, the journal is essential reading for IT security professionals around the world.
Computers & Security provides you with a unique blend of leading-edge research and sound practical management advice. It is aimed at the professional involved with computer security, audit, control and data integrity in all sectors: industry, commerce and academia. Recognized worldwide as THE primary source of reference for applied research and technical expertise, it is your first step to fully secure systems.