Jiawei Liu , Xun Gong , Tingting Wang , Yunfeng Hu , Hong Chen
{"title":"A proxy-data-based hierarchical adversarial patch generation method","authors":"Jiawei Liu , Xun Gong , Tingting Wang , Yunfeng Hu , Hong Chen","doi":"10.1016/j.cviu.2024.104066","DOIUrl":null,"url":null,"abstract":"<div><p>Current <em>training data-dependent</em> physical attacks have limited applicability to privacy-critical situations when attackers lack access to neural networks’ training data. To address this issue, this paper presents a hierarchical adversarial patch generation framework considering data privacy, utilizing <em>proxy datasets</em> while assuming that the training data is blinded. In the upper layer, <strong>Average Patch Saliency</strong> (<strong>APS</strong>) is introduced as a quantitative metric to determine the best proxy dataset for patch generation from a set of publicly available datasets. In the lower layer, <strong>Expectation of Transformation Plus</strong> (<strong>EoT+</strong>) method is developed to generate patches while accounting for perturbing background simulation and sensitivity alleviation. Evaluation results obtained in digital settings show that the proposed proxy-data-based framework achieves comparable targeted attack results to the data-dependent benchmark method. Finally, the framework’s validity is comprehensively evaluated in the physical world, where the corresponding experimental videos and code can be found at <span>here</span><svg><path></path></svg>.</p></div>","PeriodicalId":50633,"journal":{"name":"Computer Vision and Image Understanding","volume":null,"pages":null},"PeriodicalIF":4.3000,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":null,"platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Vision and Image Understanding","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1077314224001474","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
引用次数: 0
Abstract
Current training data-dependent physical attacks have limited applicability to privacy-critical situations when attackers lack access to neural networks’ training data. To address this issue, this paper presents a hierarchical adversarial patch generation framework considering data privacy, utilizing proxy datasets while assuming that the training data is blinded. In the upper layer, Average Patch Saliency (APS) is introduced as a quantitative metric to determine the best proxy dataset for patch generation from a set of publicly available datasets. In the lower layer, Expectation of Transformation Plus (EoT+) method is developed to generate patches while accounting for perturbing background simulation and sensitivity alleviation. Evaluation results obtained in digital settings show that the proposed proxy-data-based framework achieves comparable targeted attack results to the data-dependent benchmark method. Finally, the framework’s validity is comprehensively evaluated in the physical world, where the corresponding experimental videos and code can be found at here.
期刊介绍:
The central focus of this journal is the computer analysis of pictorial information. Computer Vision and Image Understanding publishes papers covering all aspects of image analysis from the low-level, iconic processes of early vision to the high-level, symbolic processes of recognition and interpretation. A wide range of topics in the image understanding area is covered, including papers offering insights that differ from predominant views.
Research Areas Include:
• Theory
• Early vision
• Data structures and representations
• Shape
• Range
• Motion
• Matching and recognition
• Architecture and languages
• Vision systems