Skip to main content
Fachgebiete
Automobil + Motoren Bauwesen + Immobilien Business IT + Informatik Elektrotechnik + Elektronik Energie + Nachhaltigkeit Finance + Banking Management + Führung Marketing + Vertrieb Maschinenbau + Werkstoffe Versicherung + Risiko
DE
EN
Themenseiten
Organisationspsychologie Projektmanagement Marketing Smart Manufacturing
Bücher
Zeitschriften
Weitere Formate
Podcasts Webinare Technik Webinare Wirtschaft Kongresse Veranstaltungskalender Awards
Jetzt Einzelzugang starten
Zugang für Unternehmen
Referenzkunden
MTZ-Fachkongress

Antriebe und Energiesysteme von morgen


Austausch von Automobil- und Energiewirtschaft

Am 14./15. Mai geht es in Chemnitz um die Mobilitätswende durch Elektro- und Wasserstofffahrzeuge.
Erweiterte Suche
Anmelden
nach oben
Soft Computing
Erschienen in: Soft Computing 20/2021

30.08.2021 | Application of soft computing

Imperceptible adversarial attacks against traffic scene recognition

verfasst von: Yinghui Zhu, Yuzhen Jiang

Erschienen in: Soft Computing | Ausgabe 20/2021

Einloggen

Aktivieren Sie unsere intelligente Suche, um passende Fachinhalte oder Patente zu finden.

search-config
loading …

Abstract

Adversarial examples have begun to receive widespread attention owning to their potential destructions to the most popular DNNs. They are crafted from original images by embedding well-calculated perturbations. In some cases, the perturbations are so slight that neither human eyes nor detection algorithms can notice them, and this imperceptibility makes them more covert and dangerous. For the sake of investigating the invisible dangers in the applications of traffic DNNs, we focus on imperceptible adversarial attacks on different traffic vision tasks, including traffic sign classification, lane detection and street scene recognition. We propose a universal logits map-based attack architecture against image semantic segmentation and design two targeted attack approaches on it. All the attack algorithms generate the micro-noise adversarial examples by the iterative method of C&W optimization and achieve 100% attack rate with very low distortion, among which, our experimental results indicate that the MAE (mean absolute error) of perturbation noise based on traffic sign classifier attack is as low as 0.562, and the other two algorithms based on semantic segmentation are only 1.503 and 1.574. We believe that our research on imperceptible adversarial attacks has a certain reference value to the security of DNNs applications.
Vorheriger Artikel Multi-attention embedded network for salient object detection
Nächster Artikel Human action recognition using a hybrid deep learning heuristic

Sie haben noch keine Lizenz? Dann Informieren Sie sich jetzt über unsere Produkte:

Springer Professional "Wirtschaft+Technik"

Online-Abonnement

Mit Springer Professional "Wirtschaft+Technik" erhalten Sie Zugriff auf:

  • über 102.000 Bücher
  • über 537 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Maschinenbau + Werkstoffe
  • Versicherung + Risiko

Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Wirtschaft"

Online-Abonnement

Mit Springer Professional "Wirtschaft" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 340 Zeitschriften

aus folgenden Fachgebieten:

  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Finance + Banking
  • Management + Führung
  • Marketing + Vertrieb
  • Versicherung + Risiko




Jetzt Wissensvorsprung sichern!

Jetzt informieren

Springer Professional "Technik"

Online-Abonnement

Mit Springer Professional "Technik" erhalten Sie Zugriff auf:

  • über 67.000 Bücher
  • über 390 Zeitschriften

aus folgenden Fachgebieten:

  • Automobil + Motoren
  • Bauwesen + Immobilien
  • Business IT + Informatik
  • Elektrotechnik + Elektronik
  • Energie + Nachhaltigkeit
  • Maschinenbau + Werkstoffe




 

Jetzt Wissensvorsprung sichern!

Jetzt informieren
Literatur
Alassad M, Spann B, Agarwal N (2021) Combining advanced computational social science and graph theoretic techniques to reveal adversarial information operations. Inf Process Manag 58(1):102385CrossRef
Arnab A, Miksik O, Torr PH (2018) On the robustness of semantic segmentation models to adversarial attacks. In: Proceedings of the IEEE international conference on computer vision and pattern recognition (CVPR), pp 888–897
Boloor A, Garimella K, He X, Gill C, Vorobeychik Y, Zhang X (2020) Attacking vision-based perception in end-to-end autonomous driving models. J Syst Archit 110:101766CrossRef
Carlini N, Wagner D (2017) Towards evaluating the robustness of neural networks. In: 2017 IEEE symposium on security and privacy, pp 39–57
Chen LC, Zhu Y, Papandreou G, Schroff F, Adam H (2018) Encoder-decoder with atrous separable convolution for semantic image segmentation. In: Proceedings of the European conference on computer vision (ECCV), pp 833–851
Everingham M, Van Gool L, Williams CKI, Winn J, Zisserman A (2010) The PASCAL Visual Object Classes (VOC) challenge. Int J Comput Vis 88(2): 303–338
Geiger A, Lenz P, Urtasun R (2012) Are we ready for autonomous driving? The KITTI vision benchmark suite. In: Proceedings of the IEEE international conference on computer vision and pattern recognition (CVPR), pp 3354–3361
Goodfellow IJ, Shlens J, Szegedy C (2015) Explaining and harnessing adversarial examples. In: International conference on learning representations (ICML), pp 1–10
Klingner M, Br A, Fingscheidt T (2020) Improved noise and attack robustness for semantic segmentation by using multi-task training with self-supervised depth estimation. In: The IEEE/CVF conference on computer vision and pattern recognition (CVPR) workshops. IEEE
Kurakin A, Goodfellow IJ, Bengio S (2016) Adversarial examples in the physical world. In: The international conference on learning representations (ICLR), 1607.02533,2016
Kurakin A, Goodfellow IJ, Bengio S (2016) Adversarial machine learning at scale. In: The international conference on learning representations (ICLR 2017), 1611.01236
Le Merrer E, Pérez P, Trédan G (2020) Adversarial frontier stitching for remote neural network watermarking. Neural Comput Appl 32: 9233–9244
Ma X, Niu Y, Gu L, Wang Y, Zhao Y, Bailey J, Lu F (2020) Understanding adversarial attacks on deep learning based medical image analysis systems. Pattern Recognit 107332
Metzen JH, Kumar MC, Brox T, Fischer V (2017) Universal adversarial perturbations against semantic image segmentation. In: 2017 IEEE international conference on computer vision (ICCV), Venice, pp 2774–2783
Naseer M, Khan SH, Rahman S, et al (2018) Task-generalizable adversarial attack based on perceptual metric. Comput Vis Pattern Recognit, 1811.09020
Osahor U, Nasrabadi N (2019) Deep adversarial attack on target detection systems. In: Artificial intelligence and machine learning for multi-domain operations applications, International Society for Optics and Photonics, Baltimore, MD, USA
Poursaeed O, Katsman I, Gao B, Belongie S (2018) Generative adversarial perturbations. In: 2018 IEEE/CVF conference on computer vision and pattern recognition (CVPR), pp 4422–4431
Ronneberger O, Fischer P, Brox T (2015) U-Net: convolutional networks for biomedical image segmentation. In: Proceedings of the international conference on medical image computing and computer assisted intervention (MICCAI). Springer, Berlin, pp 234–241
Sandler M, Howard A, Zhu M, Zhmoginov A, Chen L (2018) MobileNetV2: inverted residuals and linear bottlenecks. In: Proceedings of the IEEE international conference on computer vision and pattern recognition (CVPR), pp 4510–4520
Shen G, Mao C, Yang J, Ray B (2018) AdvSPADE: realistic unrestricted attacks for semantic. In: Proceedings of the IEEE international conference on computer vision and pattern recognition (CVPR)
Szegedy C, Zaremba W, Sutskever I, Bruna J, Erhan D, Goodfellow I, Fergus R (2014) Intriguing properties of neural networks. In: The International Conference on Learning Representations (ICLR), pp 1–10
Taheri R, Javidan R, Shojafar M et al (2020) On defending against label flipping attacks on malware detection systems. Neural Comput Appl 32:14781–14800CrossRef
Timofte R, Zimmermann K, Gool LV (2014) Multi-view traffic sign detection, recognition and 3D localization. In: IEEE workshop on applications of computer vision (vol. 25), pp 633–647
Metadaten
Titel
Imperceptible adversarial attacks against traffic scene recognition
verfasst von
Yinghui Zhu
Yuzhen Jiang
Publikationsdatum
30.08.2021
Verlag
Springer Berlin Heidelberg
Erschienen in
Soft Computing / Ausgabe 20/2021
Print ISSN: 1432-7643
Elektronische ISSN: 1433-7479
DOI
https://doi.org/10.1007/s00500-021-06148-8

Weitere Artikel der Ausgabe 20/2021

Soft Computing 20/2021 Zur Ausgabe

Mathematical methods in data science

Knowledge reduction of pessimistic multigranulation rough sets in incomplete information systems

Application of soft computing

Human action recognition using a hybrid deep learning heuristic

Foundations

Selection principles in the context of soft sets: Menger spaces

Fuzzy systems and their mathematics

On MV-coalgebras over the category of BL-algebras

Foundation, algebraic, and analytical methods in soft computing

Soft subalgebras and ideals of BCK/BCI-algebras based on -structures

Optimization

Modeling and solving assembly line worker assignment and balancing problem with sequence-dependent setup times

Premium Partner

    Bildnachweise