Two Improved Methods of Generating Adversarial Examples against Faster R-CNNs for Tram Environment Perception Systems

Trams have increasingly deployed object detectors to perceive running conditions, and deep learning networks have been widely adopted by those detectors. Growing neural networks have incurred severe attacks such as adversarial example attacks, imposing threats to tram safety. Only if adversarial attacks are studied thoroughly, researchers can come up with better defence methods against them. However, most existing methods of generating adversarial examples have been devoted to classification, and none of them target tram environment perception systems. In this paper, we propose an improved projected gradient descent (PGD) algorithm and an improved Carlini and Wagner (C&W) algorithm to generate adversarial examples against Faster R-CNN object detectors. Experiments verify that both algorithms can successfully conduct nontargeted and targeted white-box digital attacks when trams are running. We also compare the performance of the two methods, including attack effects, similarity to clean images, and the generating time. The results show that both algorithms can generate adversarial examples within 220 seconds, a much shorter time, without decrease of the success rate.

[1]  Abhinav Gupta,et al.  A-Fast-RCNN: Hard Positive Generation via Adversary for Object Detection , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[2]  Jin Li,et al.  The security of machine learning in an adversarial setting: A survey , 2019, J. Parallel Distributed Comput..

[3]  Mohammed Bennamoun,et al.  A Guide to Convolutional Neural Networks for Computer Vision , 2018, A Guide to Convolutional Neural Networks for Computer Vision.

[4]  Mingxuan Sun,et al.  Adaptive Nonsingular Fixed-Time Attitude Stabilization of Uncertain Spacecraft , 2018, IEEE Transactions on Aerospace and Electronic Systems.

[5]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Jing Na,et al.  Adaptive Finite-Time Fuzzy Control of Nonlinear Active Suspension Systems With Input Delay , 2020, IEEE Transactions on Cybernetics.

[7]  David A. Stone,et al.  Increasing urban tram system efficiency, with battery storage and electric vehicle charging , 2020 .

[8]  Yanjie Yao,et al.  Vehicle License Plate Recognition Based on Extremal Regions and Restricted Boltzmann Machines , 2016, IEEE Transactions on Intelligent Transportation Systems.

[9]  Alan L. Yuille,et al.  Adversarial Examples for Semantic Segmentation and Object Detection , 2017, 2017 IEEE International Conference on Computer Vision (ICCV).

[10]  Mingxuan Sun,et al.  Adaptive Repetitive Learning Control of PMSM Servo Systems with Bounded Nonparametric Uncertainties: Theory and Experiments , 2020, IEEE Transactions on Industrial Electronics.

[11]  Claudia Eckert,et al.  Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables , 2018, 2018 26th European Signal Processing Conference (EUSIPCO).

[12]  Wei Chen,et al.  Gap Detection of Switch Machines in Complex Environment Based on Object Detection and Image Processing , 2020 .

[13]  Mingxuan Sun,et al.  Echo State Network-Based Backstepping Adaptive Iterative Learning Control for Strict-Feedback Systems: An Error-Tracking Approach , 2020, IEEE Transactions on Cybernetics.

[14]  Lu Wei,et al.  Extraction of target region in lung immunohistochemical image based on artificial neural network , 2016, Multimedia Tools and Applications.

[15]  Joan Bruna,et al.  Intriguing properties of neural networks , 2013, ICLR.

[16]  Zhanxing Zhu,et al.  Adversarial attacks on Faster R-CNN object detector , 2020, Neurocomputing.

[17]  Peng Yang,et al.  Railway obstacle detection algorithm using neural network , 2018 .

[18]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[19]  Shize Huang,et al.  Arc detection and recognition in pantograph-catenary system based on convolutional neural network , 2019, Inf. Sci..

[20]  Amy Z. Zeng,et al.  Collaboration Decisions on Disruption Recovery Service in Urban Public Tram Systems , 2012 .

[21]  Michał Choraś,et al.  Defending network intrusion detection systems against adversarial evasion attacks , 2020, Future Gener. Comput. Syst..

[22]  Duen Horng Chau,et al.  ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector , 2018, ECML/PKDD.

[23]  Xiaochun Cao,et al.  Transferable Adversarial Attacks for Image and Video Object Detection , 2018, IJCAI.

[24]  Wei Chen,et al.  Turnout Fault Diagnosis Based on CNNs with Self-Generated Samples , 2020 .

[25]  Jun Pan,et al.  Spot Evasion Attacks: Adversarial Examples for License Plate Recognition Systems with Convolution Neural Networks , 2020, Comput. Secur..

[26]  Ya Li,et al.  Adversarial attacks on deep-learning-based radar range profile target recognition , 2020, Inf. Sci..