Deep neural networks based object detection models have revolutionized computer vision and fueled the development of a wide range of visual recognition applications. However, recent studies have revealed that deep object detectors can be compromised under adversarial attacks, causing a victim detector to detect no object, fake objects, or mislabeled objects. With object detection being used pervasively in many security-critical applications, such as autonomous vehicles and smart cities, we argue that a holistic approach for an in-depth understanding of adversarial attacks and vulnerabilities of deep object detection systems is of utmost importance for the research community to develop robust defense mechanisms. This paper presents a framework for analyzing and evaluating vulnerabilities of the state-of-the-art object detectors under an adversarial lens, aiming to analyze and demystify the attack strategies, adverse effects, and costs, as well as the cross-model and cross-resolution transferability of attacks. Using a set of quantitative metrics, extensive experiments are performed on six representative deep object detectors from three popular families (YOLOv3, SSD, and Faster R-CNN) with two benchmark datasets (PASCAL VOC and MS COCO). We demonstrate that the proposed framework can serve as a methodical benchmark for analyzing adversarial behaviors and risks in real-time object detection systems. We conjecture that this framework can also serve as a tool to assess the security risks and the adversarial robustness of deep object detectors to be deployed in real-world applications.

中文翻译：

---

通过对抗镜头理解物体检测

基于深度神经网络的物体检测模型彻底改变了计算机视觉，并推动了广泛的视觉识别应用的发展。然而，最近的研究表明，深层物体检测器可能会在对抗性攻击下受到损害，导致受害者检测器检测不到物体、假物体或错误标记的物体。随着对象检测在许多安全关键应用程序中普遍使用，例如自动驾驶汽车和智能城市，我们认为深入了解深度对象检测系统的对抗性攻击和漏洞的整体方法对于研究至关重要社区发展强大的防御机制。本文提出了一个在对抗性镜头下分析和评估最先进物体检测器漏洞的框架，旨在分析和揭开攻击策略、不利影响和成本，以及交叉模型和交叉攻击的神秘面纱。 - 攻击的分辨率可转移性。使用一组定量指标，对来自三个流行系列（YOLOv3、SSD 和 Faster R-CNN）的六个代表性深度对象检测器以及两个基准数据集（PASCAL VOC 和 MS COCO）进行了大量实验。我们证明了所提出的框架可以作为分析实时对象检测系统中的对抗性行为和风险的有条理的基准。