arXiv Paper Digest Notes, 12.6

1. QuantAttack: Exploiting Dynamic Quantization to Attack Vision Transformers

Title: QuantAttack: Exploiting Dynamic Quantization to Attack Vision Transformers
Link: https://arxiv.org/abs/2312.02220

Authors: Amit Baras, Alon Zolfi, Yuval Elovici, Asaf Shabtai
Abstract: In recent years, there has been a significant trend in deep neural networks (DNNs), particularly transformer-based models, of developing ever-larger and more capable models. While they demonstrate state-of-the-art performance, their growing scale requires increased computational resources (e.g., GPUs with greater memory capacity). To address this problem, quantization techniques (i.e., low-bit-precision representation and matrix multiplication) have been proposed. Most quantization techniques employ a static strategy in which the model parameters are quantized, either during training or inference, without considering the test-time sample. In contrast, dynamic quantization techniques, which have become increasingly popular, adapt during inference based on the input provided, while maintaining full-precision performance. However, their dynamic behavior and average-case performance assumption make them vulnerable to a novel threat vector: adversarial attacks that target the model's efficiency and availability. In this paper, we present QuantAttack, a novel attack that targets the availability of quantized models, slowing down inference and increasing memory usage and energy consumption. We show that carefully crafted adversarial examples, which are designed to exhaust the resources of the operating system, can trigger worst-case performance. In our experiments, we demonstrate the effectiveness of our attack on vision transformers on a wide range of tasks, both uni-modal and multi-modal. We also examine the effect of different attack variants (e.g., a universal perturbation) and the transferability between different models.

2. Realistic Scatterer Based Adversarial Attacks on SAR Image Classifiers

Title: Realistic Scatterer Based Adversarial Attacks on SAR Image Classifiers
Link: https://arxiv.org/abs/2312.02912

Authors: Tian Ye, Rajgopal Kannan, Viktor Prasanna, Carl Busart, Lance Kaplan
Abstract: Adversarial attacks have highlighted the vulnerability of machine-learning-based classifiers for Synthetic Aperture Radar (SAR) Automatic Target Recognition (ATR) tasks. An adversarial attack perturbs SAR images of on-ground targets such that the classifiers are misled into making incorrect predictions. However, many existing attack techniques rely on arbitrary manipulation of SAR images while overlooking the feasibility of executing the attacks on real-world SAR imagery. Instead, adversarial attacks should be implementable through physical actions, for example, placing additional false objects as scatterers around the on-ground target to perturb the SAR image and fool the SAR ATR. In this paper, we propose the On-Target Scatterer Attack (OTSA), a scatterer-based physical adversarial attack. To ensure the feasibility of its physical execution, we enforce a constraint on the positioning of the scatterers. Specifically, we restrict the scatterers to be placed only on the target instead of in the shadow regions or the background. To achieve this, we introduce a positioning score based on Gaussian kernels and formulate an optimization problem for our OTSA attack. Using a gradient ascent method to solve the optimization problem, OTSA can generate a vector of parameters describing the positions, shapes, sizes and amplitudes of the scatterers to guide the physical execution of the attack that will mislead SAR image classifiers. The experimental results show that our attack obtains significantly higher success rates under the positioning constraint compared with the existing method.

3. Singular Regularization with Information Bottleneck Improves Model's Adversarial Robustness

Title: Singular Regularization with Information Bottleneck Improves Model's Adversarial Robustness
Link: https://arxiv.org/abs/2312.02237

Authors: Guanlin Li, Naishan Zheng, Man Zhou, Jie Zhang, Tianwei Zhang
Abstract: Adversarial examples are one of the most severe threats to deep learning models. Numerous works have been proposed to study and defend against adversarial examples. However, these works lack analysis of the adversarial information or perturbation itself, so they cannot reveal the mystery of adversarial examples and lose proper interpretation. In this paper, we aim to fill this gap by studying adversarial information as unstructured noise, which does not have a clear pattern. Specifically, we provide empirical studies with singular value decomposition, decomposing images into several matrices, to analyze the adversarial information of different attacks. Based on this analysis, we propose a new module to regularize adversarial information and combine it with information bottleneck theory, which is proposed to theoretically restrict intermediate representations. Therefore, our method is interpretable. Moreover, our design follows a novel principle that is general and unified. Equipped with our new module, we evaluate two popular model structures on two mainstream datasets under various adversarial attacks. The results indicate that the improvement in robust accuracy is significant. On the other hand, we show that our method is efficient, adding only a few parameters, and can be explained under regional faithfulness analysis.

4. Enhancing Vehicle Entrance and Parking Management: Deep Learning Solutions for Efficiency and Security

Title: Enhancing Vehicle Entrance and Parking Management: Deep Learning Solutions for Efficiency and Security
Link: https://arxiv.org/abs/2312.02699

Authors: Muhammad Umer Ramzan, Usman Ali, Syed Haider Abbas Naqvi, Zeeshan Aslam, Tehseen, Husnain Ali, Muhammad Faheem
Note: Accepted for publication in the 25th International Multitopic Conference (INMIC) IEEE 2023, 6 pages, 3 figures
Abstract: The automated management of vehicle entrance and parking in any organization is a complex challenge encompassing record-keeping, efficiency, and security concerns. Manual methods for tracking vehicles and finding parking spaces are slow and waste time. To solve the problem of automated management of vehicle entrance and parking, we have utilized state-of-the-art deep learning models and automated the process of vehicle entrance and parking for any organization. To ensure security, our system integrates vehicle detection, license number plate verification, and face detection and recognition models to ensure that the person and vehicle are registered with the organization. We have trained multiple deep learning models for vehicle detection, license number plate detection, face detection, and face recognition; however, the YOLOv8n model outperformed all the other models. Furthermore, license plate recognition is facilitated by Google's Tesseract-OCR engine. By integrating these technologies, the system offers efficient vehicle detection, precise identification, streamlined record keeping, and optimized parking slot allocation in buildings, thereby enhancing convenience, accuracy, and security. Future research opportunities lie in fine-tuning system performance for a wide range of real-world applications.

Reposted from blog.csdn.net/m0_38068876/article/details/134867430