710 research outputs found
Adversarially-Aware Robust Object Detector
Object detection, as a fundamental computer vision task, has achieved
remarkable progress with the emergence of deep neural networks. Nevertheless,
few works explore the adversarial robustness of object detectors to resist
adversarial attacks for practical applications in various real-world scenarios.
Detectors have been greatly challenged by unnoticeable perturbation, with sharp
performance drop on clean images and extremely poor performance on adversarial
images. In this work, we empirically explore the model training for adversarial
robustness in object detection, which greatly attributes to the conflict
between learning clean images and adversarial images. To mitigate this issue,
we propose a Robust Detector (RobustDet) based on adversarially-aware
convolution to disentangle gradients for model learning on clean and
adversarial images. RobustDet also employs the Adversarial Image Discriminator
(AID) and Consistent Features with Reconstruction (CFR) to ensure a reliable
robustness. Extensive experiments on PASCAL VOC and MS-COCO demonstrate that
our model effectively disentangles gradients and significantly enhances the
detection robustness while maintaining the detection ability on clean images.
Comment: ECCV2022 oral paper
FAT: Feature-Focusing Adversarial Training via Disentanglement of Natural and Perturbed Patterns
Deep neural networks (DNNs) are vulnerable to adversarial examples crafted by
well-designed perturbations. This could lead to disastrous results on critical
applications such as self-driving cars, surveillance security, and medical
diagnosis. At present, adversarial training is one of the most effective
defenses against adversarial examples. However, traditional adversarial
training makes it difficult to achieve a good trade-off between clean accuracy
and robustness since spurious features are still learned by DNNs. The intrinsic
reason is that traditional adversarial training makes it difficult to fully
learn core features from adversarial examples when adversarial noise and clean
examples cannot be disentangled. In this paper, we disentangle the adversarial
examples into natural and perturbed patterns by bit-plane slicing. We assume
the higher bit-planes represent natural patterns and the lower bit-planes
represent perturbed patterns, respectively. We propose a Feature-Focusing
Adversarial Training (FAT), which differs from previous work in that it
enforces the model to focus on the core features from natural patterns and
reduce the impact of spurious features from perturbed patterns. The
experimental results demonstrated that FAT outperforms state-of-the-art
methods in clean accuracy and adversarial robustness.
Adv3D: Generating 3D Adversarial Examples in Driving Scenarios with NeRF
Deep neural networks (DNNs) have been proven extremely susceptible to
adversarial examples, which raises special safety-critical concerns for
DNN-based autonomous driving stacks (i.e., 3D object detection). Although there
are extensive works on image-level attacks, most are restricted to 2D pixel
spaces, and such attacks are not always physically realistic in our 3D world.
Here we present Adv3D, the first exploration of modeling adversarial examples
as Neural Radiance Fields (NeRFs). Advances in NeRF provide photorealistic
appearances and 3D accurate generation, yielding a more realistic and
realizable adversarial example. We train our adversarial NeRF by minimizing the
surrounding objects' confidence predicted by 3D detectors on the training set.
Then we evaluate Adv3D on the unseen validation set and show that it can cause
a large performance reduction when rendering NeRF in any sampled pose. To
generate physically realizable adversarial examples, we propose primitive-aware
sampling and semantic-guided regularization that enable 3D patch attacks with
camouflage adversarial texture. Experimental results demonstrate that the
trained adversarial NeRF generalizes well to different poses, scenes, and 3D
detectors. Finally, we provide a defense method to our attacks that involves
adversarial training through data augmentation. Project page:
https://len-li.github.io/adv3d-we
Enhancing Infrared Small Target Detection Robustness with Bi-Level Adversarial Framework
The detection of small infrared targets against blurred and cluttered
backgrounds has remained an enduring challenge. In recent years, learning-based
schemes have become the mainstream methodology to establish the mapping
directly. However, these methods are susceptible to the inherent complexities
of changing backgrounds and real-world disturbances, leading to unreliable and
compromised target estimations. In this work, we propose a bi-level adversarial
framework to promote the robustness of detection in the presence of distinct
corruptions. We first propose a bi-level optimization formulation to introduce
dynamic adversarial learning. Specifically, it is composed of the learnable
generation of corruptions to maximize the losses as the lower-level objective
and the robustness promotion of detectors as the upper-level one. We also
provide a hierarchical reinforced learning strategy to discover the most
detrimental corruptions and balance the performance between robustness and
accuracy. To better disentangle the corruptions from salient features, we also
propose a spatial-frequency interaction network for target detection. Extensive
experiments demonstrate our scheme remarkably improves 21.96% IOU across a wide
array of corruptions and notably promotes 4.97% IOU on the general benchmark.
The source codes are available at https://github.com/LiuZhu-CV/BALISTD.
Comment: 9 pages, 6 figures