Universal adversarial perturbations against object detection

摘要

Despite the remarkable success of deep neural networks on many visual tasks, they have been proved to be vulnerable to adversarial examples. For visual tasks, adversarial examples are images added with visu-ally imperceptible perturbations that result in failure for recognition. Previous works have demonstrated that adversarial perturbations can cause neural networks to fail on object detection. But these methods focus on generating an adversarial perturbation for a specific image, which is the image-specific perturbation. This paper tries to extend such image-level adversarial perturbations to detector-level, which are universal (image-agnostic) adversarial perturbations. Motivated by this, we propose a Universal Dense Object Suppression (U-DOS) algorithm to derive the universal adversarial perturbations against object detection and show that such perturbations with visual imperceptibility can lead the state-of-the-art detectors to fail in finding any objects in most images. Compared to image-specific perturbations, the results of image-agnostic perturbations are more interesting and also pose more challenges in AI security, because they are more convenient to be applied in the real physical world. We also analyze the generalization of such universal adversarial perturbations across different detectors and datasets under the black-box attack settings, showing it's a simple but promising adversarial attack approach against object detection. Furthermore, we validate the class-specific universal perturbations, which can remove the detection results of the target class and keep others unchanged. (c) 2020 Published by Elsevier Ltd.