Timezone: »

 
Delving into the Remote Adversarial Patch in Semantic Segmentation
yulong cao · Jiachen Sun · Chaowei Xiao · Qi Chen · Zhuoqing Morley Mao

@
in Workshop on Socially Responsible Machine Learning »

In modern image semantic segmentation models, large receptive field is used for better segmentation performance. Due to the inefficiency of directly using large convolution kernels, several techniques such as dilated convolution, attention are invented to increase the receptive field of the deep learning models. However, large receptive fields introduces a new attack vector for adversarial attacks on segmentation/object detection models. In this work, we demonstrate that a large receptive field exposes the models to new risks. To show its serious consequences, we propose a new attack, remote adversarial patch attack, which is able to mislead the prediction results of the targeted object without directly accessing and manipulating (adding) adversarial perturbation to the targeted object. We conduct comprehensive experiments on evaluating the attack on models with different receptive field sizes, which reduces the mIoU from 30% to 100%. In the end, we also apply our remote adversarial patch attack to the physical-world setting. We show that with the adversarial patch printed on the road, it is able to remove the target vehicle at different positions which is unknown in advance.

Author Information

yulong cao (University of Michigan, Ann Arbor)
Jiachen Sun (University of Michigan)
Chaowei Xiao (University of Michigan, Ann Arbor)
Qi Chen (University of California, Irvine)

Qi Alfred Chen is an Assistant Professor in the Department of Computer Science at the University of California, Irvine. His research interest is network and systems security, and the major research theme is addressing security challenges through systematic problem analysis and mitigation. His research has discovered and mitigated security problems in systems such as next-generation transportation systems, smartphone OSes, network protocols, DNS, GUI systems and access control systems. Currently, his focus has been in smart systems and IoT, including transportation and autonomous vehicle systems. His work has high impact in both academic and industry with over 10 top-tier conference papers, a DHS US-CERT alert, multiple CVEs, and over 50 news articles by major news media such as Fortune and BBC News. Chen received his Ph.D. from the University of Michigan in 2018.

Zhuoqing Morley Mao (University of Michigan)

More from the Same Authors