Transferable adversarial attacks on human pose estimation: A regularization and pruning framework

Human Pose Estimation (HPE) is a core component in real-time decision systems, supporting critical applications such as healthcare monitoring, autonomous driving, and sports analytics. While deep learning models—particularly CNNs and Transformer-based architectures—have significantly improved HPE accuracy, they remain vulnerable to adversarial perturbations that subtly distort keypoint localization, thereby undermining system reliability. To address this challenge, we propose regularization and pruning transferable adversarial attack (RPA), a novel framework designed to enhance the transferability of adversarial samples in Transformer-based HPE models. RPA integrates two synergistic strategies: gradient regularization, which suppresses dominant feature correlations to reduce overfitting, and adaptive weight pruning, which removes redundant parameters to reduce model-specific noise. This dual mechanism enables the generation of transferable adversarial attacks that are effective across diverse model architectures. Extensive experiments on state-of-the-art HPE networks demonstrate that RPA consistently outperforms existing attack methods. In white-box settings, RPA reduces average precision (AP) by 0.05-0.30; in black-box scenarios, it yields AP drops of 0.01-0.04. These findings expose critical vulnerabilities in IoT-enabled HPE applications and establish a new benchmark for evaluating adversarial robustness in real-time perception systems.