Deep learning-based person re-identification (Re-ID) has made great progress and achieved high performance recently. In this paper, we make the first attempt to examine the vulnerability of current person Re-ID models against a dangerous attack method, i.e. , the universal adversarial perturbation (UAP) attack, which has been shown to fool classification models with a little overhead. We propose a more universal adversarial perturbation (MUAP) method for both image-agnostic and model-insensitive person Re-ID attack. Firstly, we adopt a list-wise attack objective function to disrupt the similarity ranking list directly. Secondly, we propose a model-insensitive mechanism for cross-model attack. Extensive experiments show that the proposed attack approach achieves high attack performance and outperforms other state of the arts by large margin in cross-model scenario. The results also demonstrate the vulnerability of current Re-ID models to MUAP and further suggest the need of designing more robust Re-ID models.

中文翻译：

---

超越通用人重识别攻击

基于深度学习的行人重识别（Re-ID）最近取得了很大进展并取得了高性能。在本文中，我们首次尝试检查当前人员 Re-ID 模型对危险攻击方法的脆弱性，IE ，通用对抗性扰动 (UAP) 攻击，它已被​​证明可以用一点开销来欺骗分类模型。我们提出一个更普遍对抗性扰动 (MUAP) 方法，用于图像不可知和模型不敏感的人 Re-ID 攻击。首先，我们采用列表式攻击目标函数来直接破坏相似度排名列表。其次，我们提出了一种模型不敏感的跨模型攻击机制。大量实验表明，所提出的攻击方法实现了高攻击性能，并且在跨模型场景中大大优于其他现有技术。结果还证明了当前 Re-ID 模型对 MUAP 的脆弱性，并进一步表明需要设计更强大的 Re-ID 模型。