A Novel Lightweight Defense Method Against Adversarial Patches-Based Attacks on Automated Vehicle Make and Model Recognition Systems
Journal of Network and Systems Management (IF 4.1), Pub Date: 2021-05-31, DOI: 10.1007/s10922-021-09608-6
Abdul Jabbar Siddiqui , Azzedine Boukerche

In smart cities, connected and automated surveillance systems play an essential role in ensuring the safety and security of life, property, critical infrastructures and cyber-physical systems. The recent trend in such surveillance systems has been to embrace advanced deep learning models, such as convolutional neural networks, for detection, monitoring or tracking tasks. In this paper, we focus on the security of an automated surveillance system that is responsible for vehicle make and model recognition (VMMR). We introduce an adversarial attack against such VMMR systems through adversarially learnt patches. We demonstrate the effectiveness of the developed adversarial patches against VMMR through experimental evaluations on a real-world vehicle surveillance dataset. The developed adversarial patches achieve reductions of up to 48% in VMMR recall scores. In addition, we propose a lightweight defense method called SIHFR (Symmetric Image-Half Flip and Replace) to eliminate the effect of adversarial patches on VMMR performance. Through experimental evaluations, we investigate the robustness of the proposed defense method under varying patch placement strategies and patch sizes. The proposed defense method adds a minimal overhead of less than 2 ms per image (on average) and succeeds in enhancing VMMR performance by up to 69.28%. It is hoped that this work will guide future studies in developing smart city VMMR surveillance systems that are robust to cyber-physical attacks based on adversarially learnt patches.




Updated: 2021-06-01