• Stars
    star
    121
  • Rank 293,836 (Top 6 %)
  • Language
    Jupyter Notebook
  • Created over 4 years ago
  • Updated over 1 year ago

Reviews

There are no reviews yet. Be the first to send feedback to the community and the maintainers!

Repository Details

Real-time object detection is one of the key applications of deep neural networks (DNNs) for real-world mission-critical systems. While DNN-powered object detection systems celebrate many life-enriching opportunities, they also open doors for misuse and abuse. This project presents a suite of adversarial objectness gradient attacks, coined as TOG, which can cause the state-of-the-art deep object detection networks to suffer from untargeted random attacks or even targeted attacks with three types of specificity: (1) object-vanishing, (2) object-fabrication, and (3) object-mislabeling. Apart from tailoring an adversarial perturbation for each input image, we further demonstrate TOG as a universal attack, which trains a single adversarial perturbation that can be generalized to effectively craft an unseen input with a negligible attack time cost. Also, we apply TOG as an adversarial patch attack, a form of physical attacks, showing its ability to optimize a visually confined patch filled with malicious patterns, deceiving well-trained object detectors to misbehave purposefully.

TOG: Adversarial Objectness Gradient Attacks in Real-time Object Detection Systems

Real-time object detection is one of the key applications of deep neural networks (DNNs) for real-world mission-critical systems. While DNN-powered object detection systems celebrate many life-enriching opportunities, they also open doors for misuse and abuse. This project presents a suite of adversarial objectness gradient attacks, coined as TOG, which can cause the state-of-the-art deep object detection networks to suffer from untargeted random attacks or even targeted attacks with three types of specificity: (1) object-vanishing, (2) object-fabrication, and (3) object-mislabeling. Apart from tailoring an adversarial perturbation for each input image, we further demonstrate TOG as a universal attack, which trains a single adversarial perturbation that can be generalized to effectively craft an unseen input with a negligible attack time cost. Also, we apply TOG as an adversarial patch attack, a form of physical attacks, showing its ability to optimize a visually confined patch filled with malicious patterns, deceiving well-trained object detectors to misbehave purposefully.

No Attack TOG-vanishing TOG-fabrication TOG-mislabeling

This repository contains the source code for the following papers in our lab:

  • Ka-Ho Chow, Ling Liu, Margaret Loper, Juhyun Bae, Mehmet Emre Gursoy, Stacey Truex, Wenqi Wei, and Yanzhao Wu. "Adversarial Objectness Gradient Attacks in Real-time Object Detection Systems." In IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications, 2020. [PDF] [Talk]
  • Ka-Ho Chow, Ling Liu, Mehmet Emre Gursoy, Stacey Truex, Wenqi Wei, and Yanzhao Wu. "Understanding Object Detection Through an Adversarial Lens." In European Symposium on Research in Computer Security, pp. 460-481. Springer, 2020. [PDF] [Talk]

Installation and Dependencies

This project runs on Python 3.6. You are highly recommended to create a virtual environment to make sure the dependencies do not interfere with your current programming environment. By default, GPUs will be used to accelerate the process of adversarial attacks.

To create a virtual environment, run the following command in terminal:

python3 -m venv venv
source venv/bin/activate

To install related packages, run the following command in terminal:

pip install --upgrade pip
pip install -r requirements.txt

Instruction

TOG attacks support both one-phase and two-phase object detectors. In this repository, we include five object detectors trained on the VOC dataset. We prepare a Jupyter notebook for each victim detector to demonstrate the TOG attacks. Pretrained weights are available for download, and the links are provided in the corresponding notebook.

  • TOG-untargeted, TOG-vanishing, TOG-fabrication, and TOG-mislabeling
  • TOG-patch: [link]
  • TOG-universal: [link] - Pretrained universal perturbations (both vanishing and fabrication) for all supported models are available [here].

Status

We are continuing the development and there is ongoing work in our lab regarding adversarial attacks and defenses on object detection. If you would like to contribute to this project, please contact Ka-Ho Chow.

The code is provided as is, without warranty or support. If you use our code, please cite:

@inproceedings{chow2020adversarial,
  title={Adversarial Objectness Gradient Attacks in Real-time Object Detection Systems},
  author={Chow, Ka-Ho and Liu, Ling and Loper, Margaret and Bae, Juhyun and Emre Gursoy, Mehmet and Truex, Stacey and Wei, Wenqi and Wu, Yanzhao},
  booktitle={IEEE International Conference on Trust, Privacy and Security in Intelligent Systems, and Applications},
  pages={263--272},
  year={2020},
  organization={IEEE}
}
@inproceedings{chow2020understanding,
  title={Understanding Object Detection Through an Adversarial Lens},
  author={Chow, Ka-Ho and Liu, Ling and Gursoy, Mehmet Emre and Truex, Stacey and Wei, Wenqi and Wu, Yanzhao},
  booktitle={European Symposium on Research in Computer Security},
  pages={460--481},
  year={2020},
  organization={Springer}
}

Our lab also investigates robust object detection against adversarial attacks, you can refer to:

@inproceedings{chow2021robust,
  title={Robust Object Detection Fusion Against Deception},
  author={Chow, Ka-Ho and Liu, Ling},
  booktitle={ACM SIGKDD International Conference on Knowledge Discovery and Data Mining},
  year={2021},
  organization={ACM}
}
@inproceedings{chow2022boosting,
  title={Boosting Object Detection Ensembles with Error Diversity},
  author={Chow, Ka-Ho and Liu, Ling},
  booktitle={IEEE International Conference on Data Mining},
  year={2022},
  organization={IEEE}
}

Acknowledgement

This project is developed based on the following repositories:

More Repositories

1

awesome-LLM-game-agent-papers

A Survey on Large Language Model-Based Game Agents
202
star
2

PokeLLMon

Python
167
star
3

DataPoisoning_FL

Code for Data Poisoning Attacks Against Federated Learning Systems
Python
158
star
4

BERT4ETH

BERT4ETH: A Pre-trained Transformer for Ethereum Fraud Detection (WWW23)
Python
96
star
5

GPTLens

Large Language Model-Powered Smart Contract Vulnerability Detection: New Perspectives (TPS23)
Solidity
70
star
6

EllipticPlusPlus

Elliptic++ Dataset: A Graph Network of Bitcoin Blockchain Transactions and Wallet Addresses
Jupyter Notebook
64
star
7

CPL_attack

Jupyter Notebook
34
star
8

awesome_LLM-harmful-fine-tuning-papers

A survey on harmful fine-tuning issue for large language model
30
star
9

scale-fl

Code for ScaleFL
Python
28
star
10

AdaTrace

Utility-aware synthesis of differentially private and attack-resilient location traces
Java
21
star
11

LRBench

A learning rate recommending and benchmarking tool.
Python
19
star
12

CLDP

Secure and utility-aware data collection with condensed local differential privacy
16
star
13

FastSwap

Dynamic and Transparent Memory Sharing for Accelerating Big Data Analytics Workloads in Virtualized Cloud
C
16
star
14

Vaccine

This is the official code for the paper "Vaccine: Perturbation-aware Alignment for Large Language Models" (NeurIPS2024)
Shell
15
star
15

EnsembleBench

A holistic framework for promoting high diversity ensemble learning.
Python
13
star
16

XMemPod

A disaggregated memory orchestration system that virtualizes cluster wide memory to scale data intensive, large memory workloads in virtualized clouds
Batchfile
13
star
17

Fed-CDP

Gradient-Leakage Resilient Federated Learning
Python
13
star
18

DLEdge

This project accelerates deep learning models on the edge with the support of running ensemble learning for performance improvement. The current version accelerates YOLO object detectors with Intel Neural Compute Stick 2 using parallel programming.
Python
13
star
19

Lockdown

A backdoor defense for federated learning via isolated subspace training (NeurIPS2023)
Python
13
star
20

EENet

Code for Adaptive Deep Neural Network Inference Optimization with EENet
Python
11
star
21

GTDLBench

Benchmarking Deep Learning Frameworks
Python
10
star
22

EMO

Efficient Multi-Object Tracking for Edge devices
Python
10
star
23

DP-Ensemble

Diversity Optimized Ensemble
Python
8
star
24

STDLens

7
star
25

Lisa

This is the official code for the paper "Lazy Safety Alignment for Large Language Models against Harmful Fine-tuning" (NeurIPS2024)
Python
7
star
26

DP_modelpublishing

Python
7
star
27

GTAttackPod

Deep neural networks (DNNs) have demonstrated impressive performance on many challenging machine learning tasks. However, DNNs are vulnerable to adversarial inputs generated by adding maliciously crafted perturbations to the benign inputs. As a growing number of attacks have been reported to generate adversarial inputs of varying sophistication, the defense-attack arms race has been accelerated. This project collects state-of-the-art attack algorithms and organizes them with a easy-to-use interface.
Python
7
star
28

EVA

Fast Edge Video Analytics
C++
6
star
29

ZipZap

Python
6
star
30

Perception-Poisoning

Perception Poisoning Attacks in Federated Learning
Python
6
star
31

Booster

This is the official code for the paper "Booster: Tackling Harmful Fine-tuning for Large Language Models via Attenuating Harmful Perturbation".
Shell
5
star
32

DLForecast

Graph mining of the bitcoin transaction data for tasks such as transaction prediction.
Python
5
star
33

HQ-Ensemble

Hierarchical Ensemble Pruning
Python
4
star
34

Valet

Efficient Orchestration of Host and Remote Shared Memory for Memory Intensive Workloads
C
4
star
35

HeteRobust

Python
3
star
36

recap

Code for CVPR24 Paper - Resource-Efficient Transformer Pruning for Finetuning of Large Models
Python
3
star
37

MSJE

MSJE Pytorch implementation
Python
2
star
38

membership_vulnerability

Python
2
star
39

GTModelZoo

HTML
2
star
40

ModelCloak

Code for ICDM 2023 Model Cloaking against Gradient Leakage
Jupyter Notebook
2
star
41

MD-CNN

Network Code for Multi-Dimension Convolutional Neural Network for Bug Localization
Python
1
star
42

GRING-App-Face_Exp_recog

G-RING application : Face Expression Recognition Federated Learning
Go
1
star
43

FUSE

Robust Object Detection Fusion Against Deception
Python
1
star
44

GRING-App-Disease_Classification

G-RING application : Implementation of disease classification federated learning task on G-RING
Go
1
star
45

PFT

Python
1
star
46

XEnsemble-1.0

Code for the XEnsemble Robust Deep Learnning project
Python
1
star
47

gt-mobisim

Simulator for generating mobility traces and query traces for large numbers of mobile agents moving in a road network.
Java
1
star
48

LRBenchPlusPlus

Jupyter Notebook
1
star
49

GRING

Go
1
star
50

TripleBit

TripleBit, a fast and compact system for large scale RDF graph. This is a mirror of https://github.com/CGCL-codes/TripeBit.
C++
1
star
51

SEJE

SEJE Pytorch implementation
Python
1
star
52

llm-topla

Jupyter Notebook
1
star