Combining Two Adversarial Attacks Against Person Re-Identification Systems

The field of Person Re-Identification (Re-ID) has received much attention recently, driven by the progress of deep neural networks, especially for image classification. The problem of Re-ID consists in identifying individuals through images captured by surveillance cameras in different scenarios. Governments and companies are investing a lot of time and money in Re-ID systems for use in public safety and identifying missing persons. However, several challenges remain for successfully implementing Re-ID, such as occlusions and light reflections in people's images. In this work, we focus on adversarial attacks on Re-ID systems, which can be a critical threat to the performance of these systems. In particular, we explore the combination of adversarial attacks against Re-ID models, trying to strengthen the decrease in the classification results. We conduct our experiments on three datasets: DukeMTMC-ReID, Market-1501, and CUHK03. We combine the use of two types of adversarial attacks, P-FGSM and Deep Mis-Ranking, applied to two popular Re-ID models: IDE (ResNet-50) and AlignedReID. The best result demonstrates a decrease of 3.36% in the Rank-10 metric for AlignedReID applied to CUHK03. We also try to use Dropout during the inference as a defense method

Latent Feature Relation Consistency for Adversarial Robustness

Deep neural networks have been applied in many computer vision tasks and achieved state-of-the-art performance. However, misclassification will occur when DNN predicts adversarial examples which add human-imperceptible adversarial noise to natural examples. This limits the application of DNN in security-critical fields. To alleviate this problem, we first conducted an empirical analysis of the latent features of both adversarial and natural examples and found the similarity matrix of natural examples is more compact than those of adversarial examples. Motivated by this observation, we propose \textbf{L}atent \textbf{F}eature \textbf{R}elation \textbf{C}onsistency (\textbf{LFRC}), which constrains the relation of adversarial examples in latent space to be consistent with the natural examples. Importantly, our LFRC is orthogonal to the previous method and can be easily combined with them to achieve further improvement. To demonstrate the effectiveness of LFRC, we conduct extensive experiments using different neural networks on benchmark datasets. For instance, LFRC can bring 0.78\% further improvement compared to AT, and 1.09\% improvement compared to TRADES, against AutoAttack on CIFAR10. Code is available at https://github.com/liuxingbin/LFRC.Comment: Tech repor

A Survey on Transferability of Adversarial Examples across Deep Neural Networks

The emergence of Deep Neural Networks (DNNs) has revolutionized various domains, enabling the resolution of complex tasks spanning image recognition, natural language processing, and scientific problem-solving. However, this progress has also exposed a concerning vulnerability: adversarial examples. These crafted inputs, imperceptible to humans, can manipulate machine learning models into making erroneous predictions, raising concerns for safety-critical applications. An intriguing property of this phenomenon is the transferability of adversarial examples, where perturbations crafted for one model can deceive another, often with a different architecture. This intriguing property enables "black-box" attacks, circumventing the need for detailed knowledge of the target model. This survey explores the landscape of the adversarial transferability of adversarial examples. We categorize existing methodologies to enhance adversarial transferability and discuss the fundamental principles guiding each approach. While the predominant body of research primarily concentrates on image classification, we also extend our discussion to encompass other vision tasks and beyond. Challenges and future prospects are discussed, highlighting the importance of fortifying DNNs against adversarial vulnerabilities in an evolving landscape

Order-Disorder: Imitation Adversarial Attacks for Black-box Neural Ranking Models

Neural text ranking models have witnessed significant advancement and are increasingly being deployed in practice. Unfortunately, they also inherit adversarial vulnerabilities of general neural models, which have been detected but remain underexplored by prior studies. Moreover, the inherit adversarial vulnerabilities might be leveraged by blackhat SEO to defeat better-protected search engines. In this study, we propose an imitation adversarial attack on black-box neural passage ranking models. We first show that the target passage ranking model can be transparentized and imitated by enumerating critical queries/candidates and then train a ranking imitation model. Leveraging the ranking imitation model, we can elaborately manipulate the ranking results and transfer the manipulation attack to the target ranking model. For this purpose, we propose an innovative gradient-based attack method, empowered by the pairwise objective function, to generate adversarial triggers, which causes premeditated disorderliness with very few tokens. To equip the trigger camouflages, we add the next sentence prediction loss and the language model fluency constraint to the objective function. Experimental results on passage ranking demonstrate the effectiveness of the ranking imitation attack model and adversarial triggers against various SOTA neural ranking models. Furthermore, various mitigation analyses and human evaluation show the effectiveness of camouflages when facing potential mitigation approaches. To motivate other scholars to further investigate this novel and important problem, we make the experiment data and code publicly available.Comment: 15 pages, 4 figures, accepted by ACM CCS 2022, Best Paper Nominatio

深層学習に基づく実情景での個人の再識別に関する研究

Person re-identification (ReID), as an instance-level recognition problem, aims to automatically retrieve a person-of-interest across multiple non-overlapping camera views, which is considered a sub-problem of image retrieval. Due to the increasing demand for real-world applications in intelligent video surveillance and public safety, as an effective supplement to face recognition, ReID has become an important task in the field of computer vision and has drawn a lot of attention from both academia and industry in recent years. Depending on the improvements of deep learning and the release of many large-scale datasets, many ReID models have been proposed and have achieved high performance in the past years. However, compared with face recognition, under different cameras, ReID is challenging due to the significant differences and changes of viewpoint, resolution, illumination, obstruction, pose of person, etc. The traditional ReID research mainly focuses on matching cropped pedestrian images between queries and candidates, carried out through experimental verification and evaluation on commonly used datasets, which are independent of detection and only focus on identification. In other words, the query process of ReID is divided into two separate steps: pedestrian detection and person reidentification, where has a big gap with practical applications. However, like any advanced algorithm, the ultimate goal of ReID research is to contribute to practical application. In the real scene, the goal of ReID is to search for a target person in a gallery of images or videos which come from multiple non-overlapping cameras. Compared with traditional ReID research, its purpose is to search a person from the whole scene images or videos instead of matching them with manually cropped pedestrians in the existing dataset. In this paper, from the perspective of computer vision and practical application, based on the analysis of the shortage of traditional research methods and the existing deep learning object detection and ReID research published by the computer vision conference in recent years, instead of breaking ReID down into two separate tasks: pedestrian detection and ReID, after selecting and optimizing the pedestrian detection model YOLOv3 and ReID models model strong Reid baseline respectively, through the combination of two models, a novel and complete practical ReID system are designed to achieve one-step search of specific pedestrians in images or video sequences in actual application scenarios. Unlike the traditional ReID method, the proposed approach combines pedestrian detection and ReID to perform one-step pedestrian detection and search. Compared with other similar work, the most significant advantage is effectively and directly using the existing pedestrian detection and ReID models. To evaluate the effectiveness of our approach, firstly, evaluate our proposed method on the commonly used benchmark datasets. Many test results show that the average accuracy of a single query on the commonly used ReID datasets is over 90%. Secondly, to verify the effectiveness of the proposed method in the real scene, whether it can work in complex application scenarios, and evaluate which factors will impact our one-step person search task,we took four experiments datasets in complex scenes, respectively. Before the experimental verification, the data is preprocessed, such as cropping the videos as required, converting videos into images (at intervals of 5 frames), and adding the logo. In our setting, the query task of ReID is divided into three classes, image-based, video-based and real-time one-step person search. That is, for images and video sequences obtained by cameras distributed in different locations, given a person-of-interest to be queried, the goal of our method is to search a person from the whole scene images or videos directly instead of matching them with manually cropped pedestrians in the existing datasets. The search results are output through two channels in real-time. One is the file output in the specified folder, and the other is the terminal information display. The experimental results show that our proposed method performs well for real scene application and commonly used datasets. At the same time, the overall experimental results also show that ReID in the real scene is feasible both in terms of retrieval speed and accuracy. The proposed approach improved the availability of video surveillance application, such as criminals finding, crosscamera person tracking and activity analysis, , etc. In this paper, from the perspective of the practical application of person re-identification, the main contributions can be summarized as follow: (1) Summarize and analyze the history and shortage of traditional ReID research, including the relationship with image classification, instance retrieval, face recognition, and pedestrian detection. (2) Based on the analysis of existing deep learning object detection and person reidentification research published by the computer vision conference in recent years, propose a complete process to perform a fast pedestrian detection, and query in a large gallery set collected by camera networks. (3) Using the object detection model YOLOv3 and person re-identification strong ReID baseline, and then combining pedestrian detection and person re-identification and under the premise of model optimization, a novel and complete practical person reidentification system is designed to achieve a one-step search of specific pedestrians in images or video sequences in actual application scenarios. (4) To evaluate the effectiveness of our approach, firstly, we evaluate the proposed method on the commonly used benchmark datasets, including three image-based ReID datasets, Market-1501, DukeMTMC-reID, MSMT17, and one video-based dataset, MARS, respectively. Finally, many test results show that the average accuracy of a single query on the commonly used ReID datasets is over 90%, and we can conclude that our proposed method can be further applied to find a specific pedestrian in the real scene. (5) To further verify whether the proposed method can work effectively in complex application scenarios and evaluate which factors will impact our one-step person search task, we took four experiments datasets in complex scenes, respectively. Before the experimental verification, the data is preprocessed, such as cropping the videos as required, converting videos into images (at intervals of 5 frames), and adding the logo. In our setting, the query task of ReID is divided into three classes, image-based, video-based, and real-time person search. (6) To improve the efficiency of pedestrian retrieval, the experimental results in real scenes are analyzed. After many experiments verification in the real scene, we can conclude that our proposed method has achieved good results. However, we can also see that occlusion and resolution are the two most important factors affecting the retrieval results. At the same time, the computational complexity and processing speed are also important requirements of our method. To improve the retrieval efficiency, retrieve the image one by one while retrieving the video every few frames. In addition, we also use some other methods to improve the retrieval speed, for example, using GPU, modifying the inference method, which is also the main task that we need to improve in the future. (7) The research will continue to achieve end-to-end ReID in the real scene in future work. The main work includes the following aspects, the first one is to improve retrieval efficiency, such as accuracy, computational complexity, and processing speed, mainly to solve the occlusion problem. Meanwhile, it is found that the current ReID model will not work when facing clothes changing, whether it is in the traditional ReID method based on commonly used datasets or our proposed approach in this paper. In other words, the current research of ReID mainly focuses on short-term scenarios. Therefore, to make ReID research closer to real life, it urgently needs to consider the more complex variability, i.e., long-term ReID. The problem of clothes changes and performing real-time pedestrian detection and query on mobile devices will be the main research directions and content of our future work.九州工業大学博士学位論文 学位記番号：工博甲第533号 学位授与年月日：令和3年9月24日1 Introduction| 2 One-step pedestrian detection based on the optimized YoloV3| 3 Person re-identification method and optimization| 4 Combination of pedestrian detection and ReID in the real scene| 5 Conclusions and future work九州工業大学令和3年

Deep Neural Networks and Data for Automated Driving

This open access book brings together the latest developments from industry and research on automated driving and artificial intelligence. Environment perception for highly automated driving heavily employs deep neural networks, facing many challenges. How much data do we need for training and testing? How to use synthetic data to save labeling costs for training? How do we increase robustness and decrease memory usage? For inevitably poor conditions: How do we know that the network is uncertain about its decisions? Can we understand a bit more about what actually happens inside neural networks? This leads to a very practical problem particularly for DNNs employed in automated driving: What are useful validation techniques and how about safety? This book unites the views from both academia and industry, where computer vision and machine learning meet environment perception for highly automated driving. Naturally, aspects of data, robustness, uncertainty quantification, and, last but not least, safety are at the core of it. This book is unique: In its first part, an extended survey of all the relevant aspects is provided. The second part contains the detailed technical elaboration of the various questions mentioned above