Universal Physical Camouflage Attacks on Object Detectors

Huang, Lifeng; Gao, Chengying; Zhou, Yuyin; Xie, Cihang; Yuille, Alan; Zhang, Changqing; Liu, Ning

doi:10.1109/cvpr42600.2020.00080

Cited by 128 publications

(104 citation statements)

References 24 publications

Supporting

Mentioning

Contrasting

Order By: Relevance

“…These random noise patches, when applied to the vehicle in the same location, achieve a 0% success rate. The results of this case study suggests a worrisome fact that sensor fusion models are still vulnerable to universal physical adversarial examples, similar to what is shown in Huang et al [5].…”

Section: Towards Generalizabilitysupporting

confidence: 86%

Sensor Adversarial Traits: Analyzing Robustness of 3D Object Detection Sensor Fusion Models

Park

Liu

Chen

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

View full text Add to dashboard Cite

A critical aspect of autonomous vehicles (AVs) is the object detection stage, which is increasingly being performed with sensor fusion models: multimodal 3D object detection models which utilize both 2D RGB image data and 3D data from a LIDAR sensor as inputs. In this work, we perform the first study to analyze the robustness of a high-performance, open source sensor fusion model architecture towards adversarial attacks and challenge the popular belief that the use of additional sensors automatically mitigate the risk of adversarial attacks. We find that despite the use of a LIDAR sensor, the model is vulnerable to our purposefully crafted image-based adversarial attacks including disappearance, universal patch, and spoofing. After identifying the underlying reason, we explore some potential defenses and provide some recommendations for improved sensor fusion models.

show abstract

Section: Towards Generalizabilitysupporting

confidence: 86%

Sensor Adversarial Traits: Analyzing Robustness of 3D Object Detection Sensor Fusion Models

Park

Liu

Chen

et al. 2021

2021 IEEE International Conference on Image Processing (ICIP)

View full text Add to dashboard Cite

show abstract

“…It is an attempt to block tag's interaction with the corresponding reader by making tags impractical to be read, and hence, it is indispensable to ensure that RFID tags are not destroyed with an unlawful parity [124] Users or objects authentication [125] Near-Field Communication (NFC) (continued) Secure channel (authentication and encryption) [44] Relay S3, S4, S6, S7 Attackers redirect the calls from the readers of object to a malevolent one and replay backward its reply rapidly [126]. It severely relies on the implementation of the application protocol data unit instructions (ISO/IEC1443) Timing [127], distance bounding of cryptographic challenge-response couples [128] Man in the middle (MITM) S4, S6, S7 Adversary can capture the data, alter and send it to malevolent things in close vicinity making such attacks very complicated, encryption methods also make it difficult to succeed if they are fulfilled correctly [129] A secure channel between the NFC objects Data corruption All An attacker possesses the ability to disrupt communication channels between NFC-armed IoT devices by altering the transmitted data to be unreadable leading to a denial of services attack [130] The discovery of RF spheres throughout the communication of data [44] Data modification All An attacker possesses the ability to attacker modify the content of communicated data between NFC-armed IoT devices [131] Channel securing, Baud rate adjustment, constant checking of RF arena [44] (continued) An attacker attempt to inject some information into transmitted data when the NFC-armed device needs a long time to reply [130] Immediate entities response, securing the channel between two entities [130] Bluetooth Bluesnarfing All An attacker seeks to gain unlawful access to Bluetooth devices with the aim to capture their information and forward the incoming requests to another device [49] Setting mobiles on non-ascertainable style [49], keep on disconnected [64], validate next transmission BlueBugging All An adversary might use some weaknesses in legacy firmware to get into the victim's device to eavesdrop on phone calls, messages, emails, and link up to the internet without the awareness of the owner [49] Updating software and firmware, apply signatures to RF signals [132] Bluejacking S1, S2, S7, S10 An attacker can exploit the ability to transmit a radio business card to send an assault card; nonetheless, this necessitates the attacker to be very close i.e., within 10 m from the victim's device [49] Non-ascertainable style [49], keep on disconnected…”

Section: Allmentioning

confidence: 99%

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Abdel‐Basset

Moustafa

Hawash

et al. 2021

Deep Learning Techniques for IoT Security and Privacy

View full text Add to dashboard Cite

This chapter elaborates on different security aspects to be taken into accounts during the development and the deployments of IoT architecture. To make the reader about the security of the IoT based system, this chapter begins by defining the contemporary security requirements that should be considered to realize a reliable and trustworthy IoT environment. Then, the discussion extends to differentiate different concepts of IoT security i.e., threat, vulnerability, countermeasure, attacks, risks; and also explain how the concepts relate to each other. Later, a systematic taxonomy is presented for classifying IoT attacks according to IoT assets, where each class of IoT is further classified into more subcategories. Finally, the discussion of each elaborate different categories of IoT attack indicating their main security targets and possible IoT countermeasures.To sum up, this chapter intends to provide a comprehensive overview regarding IoT security vulnerabilities, threats, countermeasures, risks along with practices of handling them all through the following sections: • Security Requirements in Internet of Things • IoT threats, Attacks, vulnerabilities, and risks • Today's IoT attacks and Countermeasures • IoT attack surfaces • Summary and Learnt Lessons.

show abstract

“…Thus physical-world attacks need to generate large perturbations to increase adversarial strength, and it is always challenging to produce both effective and stealthy perturbations. Previous works proposed either controlling the perturbation into a small area or camouflaging the perturbation into target stealthy styles [3,13,11,21].…”

Section: Adversarial Attacksmentioning

confidence: 99%

Moiré Attack (MA): A New Potential Risk of Screen Photos

Niu¹,

Guo²,

Wang³

2021

Preprint

View full text Add to dashboard Cite

Images, captured by a camera, play a critical role in training Deep Neural Networks (DNNs). Usually, we assume the images acquired by cameras are consistent with the ones perceived by human eyes. However, due to the different physical mechanisms between human-vision and computer-vision systems, the final perceived images could be very different in some cases, for example shooting on digital monitors. In this paper, we find a special phenomenon in digital image processing, the moiré effect, that could cause unnoticed security threats to DNNs. Based on it, we propose a Moiré Attack (MA) that generates the physical-world moiré pattern adding to the images by mimicking the shooting process of digital devices. Extensive experiments demonstrate that our proposed digital Moiré Attack (MA) is a perfect camouflage for attackers to tamper with DNNs with a high success rate (100.0% for untargeted and 97.0% for targeted attack with the noise budget = 4), high transferability rate across different models, and high robustness under various defenses. Furthermore, MA owns great stealthiness because the moiré effect is unavoidable due to the camera's inner physical structure, which therefore hardly attracts the awareness of humans. Our code is available at https://github.com/Dantong88/Moire_Attack.

show abstract

Universal Physical Camouflage Attacks on Object Detectors

Cited by 128 publications

References 24 publications

Sensor Adversarial Traits: Analyzing Robustness of 3D Object Detection Sensor Fusion Models

Sensor Adversarial Traits: Analyzing Robustness of 3D Object Detection Sensor Fusion Models

Internet of Things Security Requirements, Threats, Attacks, and Countermeasures

Moiré Attack (MA): A New Potential Risk of Screen Photos

Contact Info

Product

Resources

About