PB-UAP: Hybrid Universal Adversarial Attack For Image Segmentation
This addresses the problem of model robustness in segmentation tasks for AI security researchers, representing a domain-specific advancement.
The paper tackles the limited research on universal adversarial attacks for image segmentation models by proposing a novel method with dual feature separation and low-frequency scattering modules, achieving high attack success rates that surpass state-of-the-art methods and strong transferability across models.
With the rapid advancement of deep learning, the model robustness has become a significant research hotspot, \ie, adversarial attacks on deep neural networks. Existing works primarily focus on image classification tasks, aiming to alter the model's predicted labels. Due to the output complexity and deeper network architectures, research on adversarial examples for segmentation models is still limited, particularly for universal adversarial perturbations. In this paper, we propose a novel universal adversarial attack method designed for segmentation models, which includes dual feature separation and low-frequency scattering modules. The two modules guide the training of adversarial examples in the pixel and frequency space, respectively. Experiments demonstrate that our method achieves high attack success rates surpassing the state-of-the-art methods, and exhibits strong transferability across different models.