Deep learning models are being widely used in almost every field of computing and information processing. The advantages offered by these models are unparalleled, however, similar to any other computing discipline, they are also vulnerable to security threats. A compromised deep neural network can significantly impact its robustness and accuracy. In this work, we present a novel targeted attack method against state-of-the-art object detection models YOLO v3 and AWS Rekognition in a black-box environment. We present an improved attack method using Discrete Cosine Transform based on boundary attack plus plus mechanism, and apply it on attacking object detectors offline and online. By querying the victim detection models along with transforming the images from the spatial domain into the frequency domain, we ensure that any specified object in an image can be successfully recognized as any other desired class by YOLO v3 and AWS Rekognition. The results prove that our method has significant boosting effects on boundary attacks in offline and online object detection systems.

深度学习模型已广泛应用于计算和信息处理的几乎每个领域。这些模型提供的优势是无与伦比的，但是，与任何其他计算学科一样，它们也容易受到安全威胁的攻击。受损的深度神经网络会严重影响其鲁棒性和准确性。在这项工作中，我们提出了一种针对黑箱环境中最新对象检测模型YOLO v3和AWS Rekognition的新型针对性攻击方法。我们提出了一种基于边界攻击加机制的离散余弦变换的改进攻击方法，并将其应用于离线和在线攻击目标检测器。通过查询受害者检测模型以及将图像从空间域转换到频域，我们确保YOLO v3和AWS Rekognition可以成功将图像中的任何指定对象识别为任何其他所需的类。结果证明，该方法对离线和在线目标检测系统中的边界攻击具有明显的增强作用。