DAP: a dynamic adversarial patch for evading person detectors

Amira Guesmi, Ruitian Ding, Muhammad Abdullah Hanif, Ihsen Alouani, Muhammad Shafique

Research output: Chapter in Book/Report/Conference proceedingConference contribution

10 Downloads (Pure)

Abstract

Patch-based adversarial attacks were proven to compromise the robustness and reliability of computer vision systems. However, their conspicuous and easily detectable nature challenge their practicality in real-world setting. To address this, recent work has proposed using Generative Adversarial Networks (GANs) to generate naturalistic patches that may not attract human attention. However, such approaches suffer from a limited latent space making it challenging to produce a patch that is efficient, stealthy, and robust to multiple real-world transformations. This paper introduces a novel approach that produces a Dynamic Adversarial Patch (DAP) designed to overcome these limitations. DAP maintains a naturalistic appearance while optimizing attack efficiency and robustness to real-world transformations. The approach involves redefining the optimization problem and introducing a novel objective function that incorporates a similarity metric to guide the patch's creation. Unlike GAN-based techniques, the DAP directly modifies pixel values within the patch, providing increased flexibility and adaptability to multiple transformations. Furthermore, most clothing-based physical attacks assume static objects and ignore the possible transformations caused by non-rigid deformation due to changes in a person's pose. To address this limitation, a ‘Creases Transformation’ (CT) block is introduced, enhancing the patch's resilience to a variety of real-world distortions. Experimental results demonstrate that the proposed approach outperforms state-of-the-art attacks, achieving a success rate of up to 82.28% in the digital world when targeting the YOLOv7 detector and 65% in the physical world when targeting YOLOv3tiny detector deployed in edge-based smart cameras.

Original languageEnglish
Title of host publication2024 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR): proceedings
PublisherInstitute of Electrical and Electronics Engineers Inc.
Pages24595-24604
Number of pages10
ISBN (Electronic)9798350353006
ISBN (Print)9798350353013
DOIs
Publication statusPublished - 16 Sept 2024
EventIEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024 - Seattle, United States
Duration: 17 Jun 202421 Jun 2024
Conference number: 37

Publication series

NameIEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR): Proceedings
ISSN (Print)1063-6919
ISSN (Electronic)2575-7075

Conference

ConferenceIEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), 2024
Abbreviated titleCVPR 2024
Country/TerritoryUnited States
CitySeattle
Period17/06/202421/06/2024

Publications and Copyright Policy

This work is licensed under Queen’s Research Publications and Copyright Policy.

Keywords

  • dynamic adversarial patch
  • evading person detectors
  • computer vision systems

Fingerprint

Dive into the research topics of 'DAP: a dynamic adversarial patch for evading person detectors'. Together they form a unique fingerprint.

Cite this