基于YOLOv8目标检测器的对抗攻击方案设计  

Design of Adversarial Attack Scheme Based on YOLOv8Object Detector

作  者:李秀滢[1] 赵海淇 陈雪松 张健毅 赵成[1] Li Xiuying;Zhao Haiqi;Chen Xuesong;Zhang Jianyi;Zhao Cheng(Beijing Electronic Science and Technology Institute,Beijing 100070)

机构地区:[1]北京电子科技学院,北京100070

出  处:《信息安全研究》2025年第3期221-230,共10页Journal of Information Security Research

基  金:国家档案局科技项目(2022-X-069);北京市自然科学基金项目(4232034);中央高校基本科研业务费专项资金项目(3282023038,328202264,328202241)。

摘  要:目前,基于人工智能目标检测技术的摄像头得到了广泛的应用.而在现实世界中,基于人工智能的目标检测模型容易受到对抗样本攻击.现有的对抗样本攻击方案都是针对早版本的目标检测模型而设计的,利用这些方案去攻击最新的YOLOv8目标检测器并不能取得很好的攻击效果.为解决这一问题,针对YOLOv8目标检测器设计了一个全新的对抗补丁攻击方案.该方案在最小化置信度输出的基础上,引入了EMA注意力机制强化补丁生成时的特征提取,进而增强了攻击效果.实验证明该方案具有较优异的攻击效果和迁移性,将该方案形成的对抗补丁打印在衣服上进行验证测试,同样获得较优异的攻击效果,表明该方案具有较强的实用性.Currently,cameras equipped with AI object detection technology are widely used.However,AI object detection models in real-world applications are vulnerable to adversarial attacks.Existing adversarial attack methods,primarily designed for earlier models,are ineffective against the latest YOLOv8object detector.To address this issue,we propose a novel adversarial patch attack method specifically for the YOLOv8 object detector.This method minimizes confidence output while incorporating an exponential moving average(EMA)attention mechanism to enhance feature extraction during patch generation,thereby improving the attack’s effectiveness.Experimental results demonstrate that our method achieves superior attack performance and transferability.Validation tests,in which the adversarial patches were printed on clothing,also demonstrated excellent attack results,indicating the strong practicality of our proposed method.

关 键 词:深度学习 对抗样本 YOLOv8 目标检测 对抗补丁 

分 类 号:TP309.1[自动化与计算机技术—计算机系统结构]

 

参考文献:

正在载入数据...

 

二级参考文献:

正在载入数据...

 

耦合文献:

正在载入数据...

 

引证文献:

正在载入数据...

 

二级引证文献:

正在载入数据...

 

同被引文献:

正在载入数据...

 

相关期刊文献:

正在载入数据...

相关的主题
相关的作者对象
相关的机构对象