Network transferability of adversarial patches in real-time object detection
This addresses a security vulnerability in real-time object detection systems, but it is incremental as it builds on existing adversarial patch research.
The paper tackles the problem of adversarial patch transferability across different object detector architectures, finding that patches optimized with larger models provide better network transferability than those from smaller models, as shown in evaluations across various models on two datasets.
Adversarial patches in computer vision can be used, to fool deep neural networks and manipulate their decision-making process. One of the most prominent examples of adversarial patches are evasion attacks for object detectors. By covering parts of objects of interest, these patches suppress the detections and thus make the target object 'invisible' to the object detector. Since these patches are usually optimized on a specific network with a specific train dataset, the transferability across multiple networks and datasets is not given. This paper addresses these issues and investigates the transferability across numerous object detector architectures. Our extensive evaluation across various models on two distinct datasets indicates that patches optimized with larger models provide better network transferability than patches that are optimized with smaller models.