Research On Adversarial Attack Methods For Image Object Detection Tasks

In recent years,deep learning-based object detection techniques have made new breakthroughs.However,deep neural networks are vulnerable to adversarial attacks,which brings potential security risks to the practical application of object detection technology.It is important to study the principle of adversarial attacks on object detection to improve the security and robustness of object detection models.At present,in the field of object detection adversarial attack research,most attack algorithms are designed with relatively single attack loss,which leads to weak aggressiveness of the generated adversarial samples.At the same time,the key regions of the target are not paid attention to during the attack,which leads to a large perturbation of the generated adversarial samples.In addition,the generality of the attack is not considered in the algorithm design,leading to its poor generality.To address the above problems,this paper proposes two new object detection attack algorithms:the Conditional Generation Adversarial Networkbased Object Detection Adversarial Attack Algorithm(CGAN-AOD)and the Attentionbased Iterative Attack Algorithm for Object Detection(AIM-AOD).Specifically,The main contributions of this paper are as follows:(1)To address the problem of weak aggressiveness of the adversarial sample.The contrast feature attack is designed in the CGAN-AOD algorithm,which enables the adversarial sample to learn more aggressive noise features,thus enhancing the aggressiveness.And the regression loss attack is introduced in the AIM-AOD algorithm to attack the regressor of the object detection model,which misleads the detection frame of the object detection model to deviate from the correct position.The experimental results show that the CGAN-AOD and AIM-AOD algorithms enhance the aggressiveness of the adversarial samples compared with existing classical attack algorithms after introducing new attacks.(2)To address the problem of large perturbations in the adversarial samples.The mask matrix is introduced in the CGAN-AOD algorithm to filter the perturbations.The mask matrix is calculated based on the candidate regions output from the Region Proposal Network(RPN)of the Faster R-CNN.And the attention is introduced in the AIM-AOD algorithm to constrain the adversarial perturbations generation in the key regions of the image,and the attention weight are calculated by the image feature visualization technique based on the correlation of the input pixels obtained from the object detection results.Experimental results show that CGAN-AOD and AIM-AOD algorithms reduce the perturbation of adversarial samples after introducing mask matrix and attention,respectively.(3)In order to improve the generality of adversarial attack methods.In the design of CGAN-AOD algorithm,the algorithmic idea of AdvGAN with black-box attack capability is introduced to improve the generality of the attack.The AIM-AOD algorithm achieves a generic attack on single-stage and two-stage object detection networks by a generic objective function consisting of classification loss and regression loss and combining the Momentum Iterative Method(MIM)for the attack.The experimental results show that the CGAN-AOD algorithm has strong black-box attack capability,while the AIM-AOD algorithm shows powerful attacks on both Faster R-CNN and Yolo v3 with wider generality.In summary,the object detection adversarial attack algorithm proposed in this paper enhances the aggressiveness of the adversarial sample,reduces the perturbation of the adversarial sample,and is generalized.The research in this paper puts forward higher requirements for the security and robustness of the object detection model,and provides new ideas for exploring the principles of object detection adversarial attacks.