Mr. Kai Fu Profile

Kai Fu

SPIE Involvement:

Author

Publications (1)

This will count as one of your downloads.

You will have access to both the presentation and article (if available).

DOWNLOAD NOW

This content is available for download via your institution's subscription. To access this item, please sign in to your personal account.

Email or Username Forgot your username?

Password Forgot your password?

Show

Keep me signed in

No SPIE account? Create an account

Proceedings Article | 15 August 2023 Paper

Robustness evaluation of object detection models: a gradient attack method based on spatial sensitivity

Kai Fu, Mingzheng Wang, Kuangyin Meng, Changbin Shao

Proceedings Volume 12719, 1271936 (2023) https://doi.org/10.1117/12.2685460

KEYWORDS: Object detection, Performance modeling, Statistical modeling, Data modeling, Defense and security, Image classification, Detection and tracking algorithms, Visual process modeling

Read Abstract +

In the field of model robustness, adversarial attacks have become the most powerful way to threaten the performance of various deep models; adversarial attacks are to add adversarial noise to common samples to generate adversarial samples in order to mislead the model. The aggressiveness and imperceptibility of its noise are two main indicators to measure the adversarial attack. In this paper, we focus on attacks on object detection models. Previous gradient-sign based noise generation methods have achieved powerful attacks, however the adversarial examples they generate are usually easily perceived by our visual system. This is mainly due to the crude sign noise addition strategy adopted by the gradient sign method on the global input space. To solve this problem, the sensitivity of the deep detection model to the input sample space is analyzed, and a gradient attack method based on space sensitivity is proposed based on this clue. Specifically, inspired by the attention mechanism of the deep model, we investigate the global gradient information of the entire image, and verify the spatial regions that play a key role in detection and classification; further, we propose a method based on the key gradient information noise screening strategy to generate adversarial examples. This not only avoids the perceptibility flaw caused by directly attaching the global gradient symbol, but also provides a more powerful attack effect. Taking the Yolov3 detection model as an example, we conducted observational verification and offensive testing on the VOC detection dataset, and the experimental results confirmed the effectiveness of our method. This poses a greater challenge on how to conduct more effective model defense.

My Library

You currently do not have any folders to save your paper to! Create a new folder below.

Folder Name

Folder Description

View contact details

UPDATE YOUR PROFILE

Is this your profile? Update it now.

Sign into your SPIE.org account

Don’t have a profile and want one?

Create an account on SPIE.org

Access to the requested content is limited to institutions that have purchased or subscribe to SPIE eBooks. You are receiving this notice because your organization may not have SPIE eBooks access.*

*Shibboleth/Open Athens users─please sign in to access your institution's subscriptions.

To obtain this item, you may purchase the complete book in print or electronic format on SPIE.org.

ORGANIZATIONAL
Sign in with credentials provided by your organization.

Organizational Username

Organizational Password

Show/Hide Password

INSTITUTIONAL
Select your institution to access the SPIE Digital Library.

SELECT YOUR INSTITUTION

PERSONAL
Sign in with your SPIE account to access your personal subscriptions or to use specific features such as save to my library, sign up for alerts, save searches, etc.

PERSONAL SIGN IN

No SPIE Account? Create one

PURCHASE THIS CONTENT

SUBSCRIBE TO DIGITAL LIBRARY

50 downloads per 1-year subscription

Members: $195

Non-members: $335 ADD TO CART

25 downloads per 1 - year subscription

Members: $145

Non-members: $250 ADD TO CART

PURCHASE SINGLE ARTICLE

Includes PDF, HTML & Video, when available

Members:

Non-members: ADD TO CART

Keywords/Phrases

Search In:

Publication Years