An improved ShapeShifter method of generating adversarial examples for physical attacks on stop signs against Faster R-CNNs

Abstract Vehicles have increasingly deployed object detectors to perceive running conditions, and deep learning networks have been widely adopted by those detectors. Growing neural networks have incurred severe attacks, like adversarial attacks, imposing threats to vehicle safety. Only if adversarial attacks are studied thoroughly can researchers think of better defence measures against them. However, most existing methods of generating an adversarial sample have focused on classification. Plus, stop signs in English have been a popular object to perform adversarial attacks while whether those in Chinese are likely to be attacked still remains a problem. In this paper, we proposed an improved ShapeShifter method to generate adversarial examples against Faster Region-Convolutional neural networks (Faster R-CNN) object detectors by adding white Gaussian noise to the optimization function of ShapeShifter. Experiments verify that the improved ShapeShifter method can successfully and effectively attack Faster R-CNNs for stop signs both in English and Chinese, which is much better than ShapeShifter under certain circumstances. Plus, it has better robustness and can overcome ShapeShifter's drawback of high requirements on photographic equipment.

[1]  Duen Horng Chau,et al.  ShapeShifter: Robust Physical Adversarial Attack on Faster R-CNN Object Detector , 2018, ECML/PKDD.

[2]  Yi Li,et al.  R-FCN: Object Detection via Region-based Fully Convolutional Networks , 2016, NIPS.

[3]  Ali Farhadi,et al.  You Only Look Once: Unified, Real-Time Object Detection , 2015, 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[4]  Dumitru Erhan,et al.  Going deeper with convolutions , 2014, 2015 IEEE Conference on Computer Vision and Pattern Recognition (CVPR).

[5]  David A. Wagner,et al.  Towards Evaluating the Robustness of Neural Networks , 2016, 2017 IEEE Symposium on Security and Privacy (SP).

[6]  Wei Chen,et al.  Turnout Fault Diagnosis Based on CNNs with Self-Generated Samples , 2020 .

[7]  Zhanxing Zhu,et al.  Adversarial attacks on Faster R-CNN object detector , 2020, Neurocomputing.

[8]  Zhigang Zeng,et al.  CLU-CNNs: Object detection for medical images , 2019, Neurocomputing.

[9]  Trevor Darrell,et al.  Rich Feature Hierarchies for Accurate Object Detection and Semantic Segmentation , 2013, 2014 IEEE Conference on Computer Vision and Pattern Recognition.

[10]  Samy Bengio,et al.  Adversarial Machine Learning at Scale , 2016, ICLR.

[11]  Shize Huang,et al.  Arc detection and recognition in pantograph-catenary system based on convolutional neural network , 2019, Inf. Sci..

[12]  Geoffrey E. Hinton,et al.  ImageNet classification with deep convolutional neural networks , 2012, Commun. ACM.

[13]  Yanjie Yao,et al.  Vehicle License Plate Recognition Based on Extremal Regions and Restricted Boltzmann Machines , 2016, IEEE Transactions on Intelligent Transportation Systems.

[14]  Wei Chen,et al.  Gap Detection of Switch Machines in Complex Environment Based on Object Detection and Image Processing , 2020 .

[15]  Jonathon Shlens,et al.  Explaining and Harnessing Adversarial Examples , 2014, ICLR.

[16]  Soumik Sarkar,et al.  LLNet: A deep autoencoder approach to natural low-light image enhancement , 2015, Pattern Recognit..

[17]  Jun Pan,et al.  Spot Evasion Attacks: Adversarial Examples for License Plate Recognition Systems with Convolution Neural Networks , 2020, Comput. Secur..

[18]  Nhien-An Le-Khac,et al.  Lightweight privacy-Preserving data classification , 2020, Comput. Secur..

[19]  Chunming Zhang,et al.  A differential game method against attacks in heterogeneous honeynet , 2020, Comput. Secur..

[20]  Kaiming He,et al.  Faster R-CNN: Towards Real-Time Object Detection with Region Proposal Networks , 2015, IEEE Transactions on Pattern Analysis and Machine Intelligence.

[21]  Mohammed Bennamoun,et al.  A Guide to Convolutional Neural Networks for Computer Vision , 2018, A Guide to Convolutional Neural Networks for Computer Vision.

[22]  Huicheng Zheng,et al.  Detail preservation and feature refinement for object detection , 2019, Neurocomputing.

[23]  Claudia Eckert,et al.  Adversarial Malware Binaries: Evading Deep Learning for Malware Detection in Executables , 2018, 2018 26th European Signal Processing Conference (EUSIPCO).

[24]  Alexander Wong,et al.  Explaining the Unexplained: A CLass-Enhanced Attentive Response (CLEAR) Approach to Understanding Deep Neural Networks , 2017, 2017 IEEE Conference on Computer Vision and Pattern Recognition Workshops (CVPRW).

[25]  Shi-Jinn Horng,et al.  AN IMPROVED FORECASTING MODEL BASED ON THE WEIGHTED FUZZY RELATIONSHIP MATRIX COMBINED WITH A PSO ADAPTATION FOR ENROLLMENTS , 2011 .