Git Product home page Git Product logo

daedalus-attack's Introduction

Daedalus-attack

The code of our paper "Daedalus: Breaking Non-Maximum Suppression in Object Detection via Adversarial Examples".

We propose an attack, in which we can tune the strength of the attack and specify the object category to attack, to break non-maximum suppression (NMS) in object detection. As the consequence, the detection model outputs extremely dense results as redundant detection boxes are not filtered by NMS.

Some results are displayed here: Alt text Adversarial examples made by our L2 attack. The first row contains original images. The third row contains our low-confidence (0.3) adversarial examples. The fifth row contains our high-confidence (0.7) examples. The detection results from YOLO-v3 are in the rows below them. The confidence controls the density of the redundant detection boxes in the detection results.

Launching real-world attacks via a Daedalus poster

We instantiated the Daedalus perturbation into a physical poster. You can watch the demo of the attack on YouTube: Watch the video The code for generating posters against YOLO-v3 is in this repository (for academic purpose only).

Running the attack against YOLO-v3:

  1. Download yolo.h5 and put it into '../model';
  2. Put original images into '../Datasets/COCO/val2017/';
  3. Run l2_yolov3.py.

Running the attack against RetinaNet:

  1. Install keras-retinanet;
  2. Download resnet50_coco_best_v2.1.0.h5 and put it into '../model';
  3. Put original images into '../Datasets/COCO/val2017/';
  4. Run l2_retinanet.py.

Running ensemble attack to craft robust adversarial examples:

Run l2_ensemble.py after completing the above setups for YOLO-v3 and RetinaNet attacks.

All attacks can specify object categories to attack. Crafted adversarial examples will be stored as 416X416 sized .png files in '../adv_examples/...'. The examples can be tested on official darknet and retinanet.

Cite this work:

@artical{9313033,  
author={Wang, Derui and Li, Chaoran and Wen, Sheng and Han, Qing-Long and Nepal, Surya and Zhang, Xiangyu and Xiang, Yang}, 
journal={IEEE Transactions on Cybernetics},  
title={Daedalus: Breaking Nonmaximum Suppression in Object Detection via Adversarial Examples},  
year={2021}, 
volume={}, 
number={},
pages={1-14},
doi={10.1109/TCYB.2020.3041481}}

daedalus-attack's People

Contributors

neuralsec avatar

Stargazers

avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar avatar

Watchers

avatar avatar avatar

Forkers

qyue xubo0321 xiaodanli001 marinakeyrouz repo-collection ruruby akila-ayanthi

daedalus-attack's Issues

Faster R-CNN

Hi,

I would like to know if anyone has tested this on a Faster R-CNN framework?
I am currently doing my thesis and need to create adversarial attacks on satellite images using Faster-RCNN.

download article

Hi,
How can I download your paper?
I couldn't find it on the internet.

Requirements file

Is there a requirements file for this project? I know its a few years old now.

Loss Function Error for L2 YoloV3

Hello,
I am attempting to run the l2_yolov3 section of code and coming across the error:
"AbortedError (see above for traceback): Operation received an exception:Status: 3, message: could not create a dilated convolution forward descriptor, in file tensorflow/core/kernels/mkl_conv_ops.cc:1111".
I have traced this error to some of the loss function initializations/calculations once X_adv, distortions = attacker.attack(X_test) is executed. It looks like the loss values are not being stored properly in a tensor. This issue might be tied with the newest version of TF& Keras, but any help regarding this issue would be greatly appreciated.
Thank you for your time.
-Lena

Detection with the original YOLO3

Hi, thank you very much for the project,
would appreciate your help,
We're trying to run the adversarial examples from your site, as they are
over the original Yolo3 (the C version) and it does detect a person,
For example we tried taking 'Best\ example\ of\ 5\ Distortion\ 99.68110656738281.png' from this site, and run it as it is over the Original Yolo3, and we do see a person detection in Yolo's output.
Are we doing something wrong? or maybe the examples need to be run against the detector they were trained upon?

Best regards,
Blingo

how to check results

Hi,
i have tried your project and train your network on a specific image from COCO dataset.
eventually i got few files:
-best example of distortion
-Daedalus example batch .npz
-Distortion of image . npy
-X_adv. npy
-distortions.npy

how can i use them to see the detection before the attack and the final image after the attack?

thanks

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    ๐Ÿ–– Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. ๐Ÿ“Š๐Ÿ“ˆ๐ŸŽ‰

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google โค๏ธ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.