Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

A Survey and Evaluation of Adversarial Attacks for Object Detection

Khoi Nguyen Tiet Nguyen, Wenyu Zhang, Kangkang Lu, Yuhuan Wu, Xingjian Zheng, Hui Li Tan, Liangli Zhen

TL;DR

The paper addresses the vulnerability of object detection systems to adversarial perturbations, proposing a taxonomy and a unified evaluation framework to compare attacks across diverse detectors, including those with vision-language pretraining. It synthesizes robustness metrics, conducts systematic empirical evaluations of state-of-the-art attacks on multiple detectors, and analyzes transferability and cross-model effectiveness using open-source implementations. Key findings show that newer architectures exhibit greater robustness, smaller objects are more susceptible, and ensemble surrogate models significantly enhance transferability, while standardized evaluation remains critical. The work highlights practical implications for defense design and the need for standardized benchmarks to accelerate progress in securing object detection in real-world applications.

Abstract

Deep learning models achieve remarkable accuracy in computer vision tasks, yet remain vulnerable to adversarial examples--carefully crafted perturbations to input images that can deceive these models into making confident but incorrect predictions. This vulnerability pose significant risks in high-stakes applications such as autonomous vehicles, security surveillance, and safety-critical inspection systems. While the existing literature extensively covers adversarial attacks in image classification, comprehensive analyses of such attacks on object detection systems remain limited. This paper presents a novel taxonomic framework for categorizing adversarial attacks specific to object detection architectures, synthesizes existing robustness metrics, and provides a comprehensive empirical evaluation of state-of-the-art attack methodologies on popular object detection models, including both traditional detectors and modern detectors with vision-language pretraining. Through rigorous analysis of open-source attack implementations and their effectiveness across diverse detection architectures, we derive key insights into attack characteristics. Furthermore, we delineate critical research gaps and emerging challenges to guide future investigations in securing object detection systems against adversarial threats. Our findings establish a foundation for developing more robust detection models while highlighting the urgent need for standardized evaluation protocols in this rapidly evolving domain.

A Survey and Evaluation of Adversarial Attacks for Object Detection

TL;DR

The paper addresses the vulnerability of object detection systems to adversarial perturbations, proposing a taxonomy and a unified evaluation framework to compare attacks across diverse detectors, including those with vision-language pretraining. It synthesizes robustness metrics, conducts systematic empirical evaluations of state-of-the-art attacks on multiple detectors, and analyzes transferability and cross-model effectiveness using open-source implementations. Key findings show that newer architectures exhibit greater robustness, smaller objects are more susceptible, and ensemble surrogate models significantly enhance transferability, while standardized evaluation remains critical. The work highlights practical implications for defense design and the need for standardized benchmarks to accelerate progress in securing object detection in real-world applications.

Abstract

Deep learning models achieve remarkable accuracy in computer vision tasks, yet remain vulnerable to adversarial examples--carefully crafted perturbations to input images that can deceive these models into making confident but incorrect predictions. This vulnerability pose significant risks in high-stakes applications such as autonomous vehicles, security surveillance, and safety-critical inspection systems. While the existing literature extensively covers adversarial attacks in image classification, comprehensive analyses of such attacks on object detection systems remain limited. This paper presents a novel taxonomic framework for categorizing adversarial attacks specific to object detection architectures, synthesizes existing robustness metrics, and provides a comprehensive empirical evaluation of state-of-the-art attack methodologies on popular object detection models, including both traditional detectors and modern detectors with vision-language pretraining. Through rigorous analysis of open-source attack implementations and their effectiveness across diverse detection architectures, we derive key insights into attack characteristics. Furthermore, we delineate critical research gaps and emerging challenges to guide future investigations in securing object detection systems against adversarial threats. Our findings establish a foundation for developing more robust detection models while highlighting the urgent need for standardized evaluation protocols in this rapidly evolving domain.
Paper Structure (39 sections, 10 equations, 4 figures, 11 tables)

This paper contains 39 sections, 10 equations, 4 figures, 11 tables.

Table of Contents

  1. Introduction
  2. Taxonomy of adversarial attacks
  3. Preliminaries
  4. Adversarial model
  5. Environment
  6. Knowledge
  7. Intent outcome
  8. Intent specificity
  9. Attack method
  10. Detector type
  11. Component under attack
  12. Perturbation norm
  13. Frequency
  14. Attack specificity
  15. Region specificity
  16. ...and 24 more sections

Figures (4)

  • Figure 1: Taxonomy and evaluation metrics on adversarial attacks in object detection.
  • Figure 2: Adversarial attack procedure.
  • Figure 3: Examples of outcomes of integrity-based attacks. Original images taken from MS COCO 2017 Lin2014MicrosoftCC
  • Figure 4: Non-Maximum Suppression (NMS) a post-processing technique to remove redundant bounding boxes generated by the object detector. Original image taken from MS COCO 2017 Lin2014MicrosoftCC.