Jiawei Liu , Xun Gong , Tingting Wang , Yunfeng Hu , Hong Chen
{"title":"基于代理数据的分层对抗补丁生成方法","authors":"Jiawei Liu , Xun Gong , Tingting Wang , Yunfeng Hu , Hong Chen","doi":"10.1016/j.cviu.2024.104066","DOIUrl":null,"url":null,"abstract":"<div><p>Current <em>training data-dependent</em> physical attacks have limited applicability to privacy-critical situations when attackers lack access to neural networks’ training data. To address this issue, this paper presents a hierarchical adversarial patch generation framework considering data privacy, utilizing <em>proxy datasets</em> while assuming that the training data is blinded. In the upper layer, <strong>Average Patch Saliency</strong> (<strong>APS</strong>) is introduced as a quantitative metric to determine the best proxy dataset for patch generation from a set of publicly available datasets. In the lower layer, <strong>Expectation of Transformation Plus</strong> (<strong>EoT+</strong>) method is developed to generate patches while accounting for perturbing background simulation and sensitivity alleviation. Evaluation results obtained in digital settings show that the proposed proxy-data-based framework achieves comparable targeted attack results to the data-dependent benchmark method. Finally, the framework’s validity is comprehensively evaluated in the physical world, where the corresponding experimental videos and code can be found at <span>here</span><svg><path></path></svg>.</p></div>","PeriodicalId":50633,"journal":{"name":"Computer Vision and Image Understanding","volume":null,"pages":null},"PeriodicalIF":4.3000,"publicationDate":"2024-06-24","publicationTypes":"Journal Article","fieldsOfStudy":null,"isOpenAccess":false,"openAccessPdf":"","citationCount":"0","resultStr":"{\"title\":\"A proxy-data-based hierarchical adversarial patch generation method\",\"authors\":\"Jiawei Liu , Xun Gong , Tingting Wang , Yunfeng Hu , Hong Chen\",\"doi\":\"10.1016/j.cviu.2024.104066\",\"DOIUrl\":null,\"url\":null,\"abstract\":\"<div><p>Current <em>training data-dependent</em> physical attacks have limited applicability to privacy-critical situations when attackers lack access to neural networks’ training data. To address this issue, this paper presents a hierarchical adversarial patch generation framework considering data privacy, utilizing <em>proxy datasets</em> while assuming that the training data is blinded. In the upper layer, <strong>Average Patch Saliency</strong> (<strong>APS</strong>) is introduced as a quantitative metric to determine the best proxy dataset for patch generation from a set of publicly available datasets. In the lower layer, <strong>Expectation of Transformation Plus</strong> (<strong>EoT+</strong>) method is developed to generate patches while accounting for perturbing background simulation and sensitivity alleviation. Evaluation results obtained in digital settings show that the proposed proxy-data-based framework achieves comparable targeted attack results to the data-dependent benchmark method. Finally, the framework’s validity is comprehensively evaluated in the physical world, where the corresponding experimental videos and code can be found at <span>here</span><svg><path></path></svg>.</p></div>\",\"PeriodicalId\":50633,\"journal\":{\"name\":\"Computer Vision and Image Understanding\",\"volume\":null,\"pages\":null},\"PeriodicalIF\":4.3000,\"publicationDate\":\"2024-06-24\",\"publicationTypes\":\"Journal Article\",\"fieldsOfStudy\":null,\"isOpenAccess\":false,\"openAccessPdf\":\"\",\"citationCount\":\"0\",\"resultStr\":null,\"platform\":\"Semanticscholar\",\"paperid\":null,\"PeriodicalName\":\"Computer Vision and Image Understanding\",\"FirstCategoryId\":\"94\",\"ListUrlMain\":\"https://www.sciencedirect.com/science/article/pii/S1077314224001474\",\"RegionNum\":3,\"RegionCategory\":\"计算机科学\",\"ArticlePicture\":[],\"TitleCN\":null,\"AbstractTextCN\":null,\"PMCID\":null,\"EPubDate\":\"\",\"PubModel\":\"\",\"JCR\":\"Q2\",\"JCRName\":\"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE\",\"Score\":null,\"Total\":0}","platform":"Semanticscholar","paperid":null,"PeriodicalName":"Computer Vision and Image Understanding","FirstCategoryId":"94","ListUrlMain":"https://www.sciencedirect.com/science/article/pii/S1077314224001474","RegionNum":3,"RegionCategory":"计算机科学","ArticlePicture":[],"TitleCN":null,"AbstractTextCN":null,"PMCID":null,"EPubDate":"","PubModel":"","JCR":"Q2","JCRName":"COMPUTER SCIENCE, ARTIFICIAL INTELLIGENCE","Score":null,"Total":0}
A proxy-data-based hierarchical adversarial patch generation method
Current training data-dependent physical attacks have limited applicability to privacy-critical situations when attackers lack access to neural networks’ training data. To address this issue, this paper presents a hierarchical adversarial patch generation framework considering data privacy, utilizing proxy datasets while assuming that the training data is blinded. In the upper layer, Average Patch Saliency (APS) is introduced as a quantitative metric to determine the best proxy dataset for patch generation from a set of publicly available datasets. In the lower layer, Expectation of Transformation Plus (EoT+) method is developed to generate patches while accounting for perturbing background simulation and sensitivity alleviation. Evaluation results obtained in digital settings show that the proposed proxy-data-based framework achieves comparable targeted attack results to the data-dependent benchmark method. Finally, the framework’s validity is comprehensively evaluated in the physical world, where the corresponding experimental videos and code can be found at here.
期刊介绍:
The central focus of this journal is the computer analysis of pictorial information. Computer Vision and Image Understanding publishes papers covering all aspects of image analysis from the low-level, iconic processes of early vision to the high-level, symbolic processes of recognition and interpretation. A wide range of topics in the image understanding area is covered, including papers offering insights that differ from predominant views.
Research Areas Include:
• Theory
• Early vision
• Data structures and representations
• Shape
• Range
• Motion
• Matching and recognition
• Architecture and languages
• Vision systems