A Human-in-the-Middle Attack against Object Detection Systems
Han Wu, Sareh Rowlands, Johan Wahlstrom
TL;DR
This work models a new vulnerability class where a human-in-the-middle hardware channel injects perturbations into sensor data used by object detectors. It introduces PCB, a gradient-based method for both image-specific and universal perturbations, delivered via hardware between a USB camera and the detector, leveraging learning-rate decay and two loss formulations. Three novel evaluation metrics are proposed to capture attack strength and stability, along with an open-source white-box toolbox for real-time attacks. Experiments on VOC2012 and CARLA with YOLO demonstrate real-time feasibility and reveal significant safety implications for autonomous perception systems.
Abstract
Object detection systems using deep learning models have become increasingly popular in robotics thanks to the rising power of CPUs and GPUs in embedded systems. However, these models are susceptible to adversarial attacks. While some attacks are limited by strict assumptions on access to the detection system, we propose a novel hardware attack inspired by Man-in-the-Middle attacks in cryptography. This attack generates a Universal Adversarial Perturbation (UAP) and injects the perturbation between the USB camera and the detection system via a hardware attack. Besides, prior research is misled by an evaluation metric that measures the model accuracy rather than the attack performance. In combination with our proposed evaluation metrics, we significantly increased the strength of adversarial perturbations. These findings raise serious concerns for applications of deep learning models in safety-critical systems, such as autonomous driving.
