Beyond Universal Person Re-ID Attack
This work addresses security risks in person Re-ID systems, which are critical for surveillance and security applications, by exposing model vulnerabilities in an incremental manner.
The paper tackles the vulnerability of person re-identification (Re-ID) models to adversarial attacks by proposing a more universal adversarial perturbation (MUAP) method, achieving high attack performance and outperforming state-of-the-art methods by a large margin in cross-model scenarios.
Deep learning-based person re-identification (Re-ID) has made great progress and achieved high performance recently. In this paper, we make the first attempt to examine the vulnerability of current person Re-ID models against a dangerous attack method, \ie, the universal adversarial perturbation (UAP) attack, which has been shown to fool classification models with a little overhead. We propose a \emph{more universal} adversarial perturbation (MUAP) method for both image-agnostic and model-insensitive person Re-ID attack. Firstly, we adopt a list-wise attack objective function to disrupt the similarity ranking list directly. Secondly, we propose a model-insensitive mechanism for cross-model attack. Extensive experiments show that the proposed attack approach achieves high attack performance and outperforms other state of the arts by large margin in cross-model scenario. The results also demonstrate the vulnerability of current Re-ID models to MUAP and further suggest the need of designing more robust Re-ID models.