Research On Physical Scene Adversarial Attacks For Vehicle Detectio

Today,artificial intelligence,deep learning and other fields of research are in full swing,and cross-integrate with other academic fields,all thanks to deep neural networks(Deep Neural Networks,DNNs).Artificial intelligence application systems based on DNNs have also been implemented one after another,and are widely used in living authentication such as faces and fingerprints,autonomous driving,intelligent transportation and other scenarios,providing great convenience for social production and people’s lives.But there is no denying that technology is a "double-edged sword." Studies have shown that DNNs are vulnerable to Adversarial Examples(AEs).By adding custom perturbations to samples,the network can produce erroneous outputs,which can lead to serious consequences.In particular,the generation of Adversarial Patches makes adversarial attacks that used to work only in digital scenarios extend to real physical scenarios,and are prone to major threats to real-world application systems.Adversarial attacks have become an inevitable thorny issue in the implementation of AI projects from academics to applications.In order to improve the security of DNNs,the academic community has long begun to study various attack methods,in order to find potential threats in the DNNS model,and then formulate corresponding defense measures.Hence,investigating the vulnerability of deep learning to adversarial attacks is highly significant in enhancing the robustness and security of DNNs models.This paper mainly studies the construction of adversarial samples around vehicle detection and recognition,license plate recognition systems based on DNNs and vehicle object detection systems in real physical scenarios,and implements adversarial attacks.The main work is as follows:(1)A dual adversarial attack method for the License Plate Recognition System(LPRs)is proposed.At present,physical scene attacks for license plate recognition have problems such as unnatural vision of the generated adversarial patches,poor attack effects caused by small patches,and disturbances.At the same time,the size,color,shape and other attributes of the patch are too single.In order to solve this problem,the scheme first adds an adversarial patch to the pattern position of the license plate,so that the object detection subsystem of the LPRs cannot detect the license plate class.Naturally formed rust,stains,etc.,make the license plate number recognition subsystem of the LPRs misidentify.The research on adversarial attacks on LPRs in this paper has positive implications for improving the robustness of the license plate recognition model.(2)A transferable adversarial mapping scheme for the Vehicle Object Detection System(VOD)is proposed.The scheme renders adversarial interference to the car body in 3D to simulate the effect of car inkjet painting,making the car adversarial.First,render a non-planar camouflage texture on the surface of the vehicle,which retains the camouflage effect and has the ability to attack;second,place the vehicle that has completed the inkjet camouflage in different and realistic road scenes,and optimize the painting effect by combining the losses of different object detectors.Experiments show that the vehicle collision coating scheme can not only achieve non-target attack and vehicle directional target attack,but also have good attack mobility.