Chrome Extension
WeChat Mini Program
Use on ChatGLM

Public-attention-based Adversarial Attack on Traffic Sign Recognition.

2023 IEEE 20TH CONSUMER COMMUNICATIONS & NETWORKING CONFERENCE, CCNC(2023)

Telecom Paris | Tsinghua Univ

Cited 4|Views16
Abstract
Autonomous driving systems (ADS) can instantaneously and accurately recognize traffic signs by using deep neural networks (DNNs). Although adversarial attacks are well-known to easily fool DNNs by adding tiny but malicious perturbations, most attack methods require sufficient information about the victim models (white-box) to perform. In this paper, we propose a black-box attack in the recognition system of ADS, Public Attention Attacks (PAA), that can attack a black-box model by collecting the generic attention patterns of other white-box DNNs to transfer the attack. Particularly, we select multiple dual or triple attention patterns of white-box model combinations to generate the transferable adversarial perturbations for PAA attacks. We perform the experimentation on four well-trained models in different adversarial settings separately. The results indicate that when more white-box models the adversary collects to perform PAA, the higher the attack success rate (ASR) he can achieve to attack the target black-box model.
More
Translated text
Key words
Adversarial attack,attention heat map,trans-ferability,deep neural networks,traffic sign recognition
求助PDF
上传PDF
Bibtex
AI Read Science
AI Summary
AI Summary is the key point extracted automatically understanding the full text of the paper, including the background, methods, results, conclusions, icons and other key content, so that you can get the outline of the paper at a glance.
Example
Background
Key content
Introduction
Methods
Results
Related work
Fund
Key content
  • Pretraining has recently greatly promoted the development of natural language processing (NLP)
  • We show that M6 outperforms the baselines in multimodal downstream tasks, and the large M6 with 10 parameters can reach a better performance
  • We propose a method called M6 that is able to process information of multiple modalities and perform both single-modal and cross-modal understanding and generation
  • The model is scaled to large model with 10 billion parameters with sophisticated deployment, and the 10 -parameter M6-large is the largest pretrained model in Chinese
  • Experimental results show that our proposed M6 outperforms the baseline in a number of downstream tasks concerning both single modality and multiple modalities We will continue the pretraining of extremely large models by increasing data to explore the limit of its performance
Upload PDF to Generate Summary
Must-Reading Tree
Example
Generate MRT to find the research sequence of this paper
Related Papers
Data Disclaimer
The page data are from open Internet sources, cooperative publishers and automatic analysis results through AI technology. We do not make any commitments and guarantees for the validity, accuracy, correctness, reliability, completeness and timeliness of the page data. If you have any questions, please contact us by email: report@aminer.cn
Chat Paper

要点】:本文提出了一种名为公共注意力攻击(PAA)的黑盒攻击方法,可以通过收集其他白盒深度神经网络的通用注意力模式来攻击黑盒模型,实验结果表明收集更多的白盒模型可以提高攻击成功率。

方法】:提出了一种名为公共注意力攻击(PAA)的黑盒攻击方法,可以攻击黑盒模型。

实验】:在不同的对抗设置下对四个训练良好的模型进行了实验,结果表明收集更多的白盒模型可以提高攻击成功率。