Papers
Topics
Authors
Recent
Gemini 2.5 Flash
Gemini 2.5 Flash
139 tokens/sec
GPT-4o
47 tokens/sec
Gemini 2.5 Pro Pro
43 tokens/sec
o3 Pro
4 tokens/sec
GPT-4.1 Pro
47 tokens/sec
DeepSeek R1 via Azure Pro
28 tokens/sec
2000 character limit reached

SAAM: Stealthy Adversarial Attack on Monocular Depth Estimation (2308.03108v2)

Published 6 Aug 2023 in cs.CV and cs.CR

Abstract: In this paper, we investigate the vulnerability of MDE to adversarial patches. We propose a novel \underline{S}tealthy \underline{A}dversarial \underline{A}ttacks on \underline{M}DE (SAAM) that compromises MDE by either corrupting the estimated distance or causing an object to seamlessly blend into its surroundings. Our experiments, demonstrate that the designed stealthy patch successfully causes a DNN-based MDE to misestimate the depth of objects. In fact, our proposed adversarial patch achieves a significant 60\% depth error with 99\% ratio of the affected region. Importantly, despite its adversarial nature, the patch maintains a naturalistic appearance, making it inconspicuous to human observers. We believe that this work sheds light on the threat of adversarial attacks in the context of MDE on edge devices. We hope it raises awareness within the community about the potential real-life harm of such attacks and encourages further research into developing more robust and adaptive defense mechanisms.

Definition Search Book Streamline Icon: https://streamlinehq.com
References (41)
  1. Fast depth prediction and obstacle avoidance on a monocular drone using probabilistic convolutional neural network. IEEE Transactions on Intelligent Transportation Systems, 22(1):156–167, 2021.
  2. Pseudo-lidar from visual depth estimation: Bridging the gap in 3d object detection for autonomous driving. In 2019 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 8437–8445, 2019.
  3. Cnn-slam: Real-time dense monocular slam with learned depth prediction. 2017 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 6565–6574, 2017.
  4. Monorec: Semi-supervised dense reconstruction in dynamic environments from a single moving camera. In 2021 IEEE/CVF Conference on Computer Vision and Pattern Recognition (CVPR), pages 6108–6118, 2021.
  5. Lm-reloc: Levenberg-marquardt based direct visual relocalization. CoRR, abs/2010.06323, 2020.
  6. Dap: A dynamic adversarial patch for evading person detectors, 2023.
  7. Aparate: Adaptive adversarial patch for cnn-based monocular depth estimation for autonomous navigation, 2023.
  8. Advart: Adversarial art for camouflaged object detection attacks, 2023.
  9. Adversarial patch attacks on monocular depth estimation networks. IEEE Access, 8:179094–179104, 2020.
  10. Physical attack on monocular depth estimation with optimal adversarial patches, 2022.
  11. Digging into self-supervised monocular depth estimation. CoRR, abs/1806.01260, 2018.
  12. Digging into self-supervised monocular depth estimation, 2019.
  13. Intriguing properties of neural networks. In Yoshua Bengio and Yann LeCun, editors, 2nd International Conference on Learning Representations, ICLR 2014, Banff, AB, Canada, April 14-16, 2014, Conference Track Proceedings, 2014.
  14. N. Carlini and D. A. Wagner. Towards evaluating the robustness of neural networks. CoRR, abs/1608.04644, 2016.
  15. Explaining and harnessing adversarial examples, 2014.
  16. Decision-based adversarial attacks: Reliable attacks against black-box machine learning models, 2017.
  17. N. Narodytska and S. P. Kasiviswanathan. Simple black-box adversarial perturbations for deep networks. CoRR, abs/1612.06299, 2016.
  18. J. Chen and M. I. Jordan. Boundary attack++: Query-efficient decision-based adversarial attack. CoRR, abs/1904.02144, 2019.
  19. The art of defense: Letting networks fool the attacker. IEEE Transactions on Information Forensics and Security, 18:3267–3276, 2023.
  20. Oddr: Outlier detection & dimension reduction based defense against adversarial patches. arXiv preprint arXiv:2311.12084, 2023.
  21. Defensivedr: Defending against adversarial patches using dimensionality reduction. arXiv preprint arXiv:2311.12211, 2023.
  22. Universal adversarial perturbations, 2017.
  23. Room: Adversarial machine learning attacks under real-time constraints. In 2022 International Joint Conference on Neural Networks (IJCNN), pages 1–10, 2022.
  24. Adam: A method for stochastic optimization, 2014.
  25. Understanding deep image representations by inverting them. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 5188–5196, 2015.
  26. Accessorize to a crime: Real and stealthy attacks on state-of-the-art face recognition. In Edgar R. Weippl, Stefan Katzenbeisser, Christopher Kruegel, Andrew C. Myers, and Shai Halevi, editors, Proceedings of the 2016 ACM SIGSAC Conference on Computer and Communications Security, Vienna, Austria, October 24-28, 2016, pages 1528–1540. ACM, 2016.
  27. Learning to recover 3d scene shape from a single image. In Proc. IEEE Conf. Comp. Vis. Patt. Recogn. (CVPR), 2021.
  28. Taskonomy: Disentangling task transfer learning. In Proceedings of the IEEE Conference on Computer Vision and Pattern Recognition (CVPR), June 2018.
  29. Towards robust monocular depth estimation: Mixing datasets for zero-shot cross-dataset transfer. CoRR, abs/1907.01341, 2019.
  30. Web stereo video supervision for depth prediction from dynamic scenes. CoRR, abs/1904.11112, 2019.
  31. Structure-guided ranking loss for single image depth prediction. In Proceedings of the IEEE/CVF Conference on Computer Vision and Pattern Recognition, pages 611–620, 2020.
  32. Deep residual learning for image recognition. In 2016 IEEE Conference on Computer Vision and Pattern Recognition (CVPR), pages 770–778, 2016.
  33. Imagenet: A large-scale hierarchical image database. In 2009 IEEE Conference on Computer Vision and Pattern Recognition, pages 248–255, 2009.
  34. Global-local path networks for monocular depth estimation with vertical cutdepth, 2022.
  35. Image masking for robust self-supervised monocular depth estimation, 2023.
  36. Pushmeet Kohli Nathan Silberman, Derek Hoiem and Rob Fergus. Indoor segmentation and support inference from rgbd images. In ECCV, 2012.
  37. Pytorch: An imperative style, high-performance deep learning library. In Advances in Neural Information Processing Systems 32, pages 8024–8035. Curran Associates, Inc., 2019.
  38. Boosting adversarial attacks with momentum. In Proceedings of the IEEE conference on computer vision and pattern recognition, pages 9185–9193, 2018.
  39. A study of the effect of JPG compression on adversarial images. CoRR, abs/1608.00853, 2016.
  40. Defending against whitebox adversarial attacks via randomized discretization. In Kamalika Chaudhuri and Masashi Sugiyama, editors, Proceedings of the Twenty-Second International Conference on Artificial Intelligence and Statistics, volume 89 of Proceedings of Machine Learning Research, pages 684–693. PMLR, 16–18 Apr 2019.
  41. Feature squeezing: Detecting adversarial examples in deep neural networks. CoRR, abs/1704.01155, 2017.
Citations (11)
View on Semantic Scholar

Summary

We haven't generated a summary for this paper yet.

Ai Sparkles Streamline Icon: https://streamlinehq.com Summarize Now