This paper focuses on high-transferable adversarial attacks on detectors, which are hard to attack in a black-box manner, because of their multiple-output characteristics and the diversity across architectures. To pursue a high attack transferability, one plausible way is to find a common property across detectors, which facilitates the discovery of common weaknesses. We are the first to suggest that the relevance map from interpreters for detectors is such a property. Based on it, we design a Relevance Attack on Detectors (RAD), which achieves a state-of-the-art transferability, exceeding existing results by above 20%. On MS COCO, the detection mAPs for all 8 black-box architectures are more than halved and the segmentation mAPs are also significantly influenced. Given the great transferability of RAD, we generate the first adversarial dataset for object detection and instance segmentation, i.e., Adversarial Objects in COntext (AOCO), which helps to quickly evaluate and improve the robustness of detectors.
翻译:本文侧重于高可转移的对探测器的对抗性攻击,这种攻击由于其多重产出特点和结构的多样性,很难以黑箱方式进行攻击。为了追求高攻击性转移,一种可行的方法是找到一种共同的跨探测器属性,这有助于发现共同的弱点。我们首先建议,探测器的口译员相关地图就是这样的属性。在此基础上,我们设计了对探测器的关联性攻击(RAD),它达到最新水平的可转移性,超过现有结果的20%以上。在MS COCO上,所有8个黑箱结构的探测式手册超过一半,分解式模型也受到很大影响。鉴于RAD的巨大可转移性,我们生成了第一个用于物体探测和实例分解的对立数据集,即COntext中的Aversari物体(AOCO),它有助于快速评估和改进探测器的稳健性。
相关内容
微信扫码咨询专知VIP会员