Physical passive patch adversarial attacks on visual odometry systems

Nemcovsky Y, Jacoby M, Bronstein AM, Baskin C. 2023. Physical passive patch adversarial attacks on visual odometry systems. 16th Asian Conference on Computer Vision. ACCV: Asian Conference on Computer Vision, LNCS, vol. 13847, 518–534.

Download (ext.)

Conference Paper | Published | English

Scopus indexed
Author
Nemcovsky, Yaniv; Jacoby, Matan; Bronstein, Alex M.ISTA ; Baskin, Chaim
Series Title
LNCS
Abstract
Deep neural networks are known to be susceptible to adversarial perturbations – small perturbations that alter the output of the network and exist under strict norm limitations. While such perturbations are usually discussed as tailored to a specific input, a universal perturbation can be constructed to alter the model’s output on a set of inputs. Universal perturbations present a more realistic case of adversarial attacks, as awareness of the model’s exact input is not required. In addition, the universal attack setting raises the subject of generalization to unseen data, where given a set of inputs, the universal perturbations aim to alter the model’s output on out-of-sample data. In this work, we study physical passive patch adversarial attacks on visual odometry-based autonomous navigation systems. A visual odometry system aims to infer the relative camera motion between two corresponding viewpoints, and is frequently used by vision-based autonomous navigation systems to estimate their state. For such navigation systems, a patch adversarial perturbation poses a severe security issue, as it can be used to mislead a system onto some collision course. To the best of our knowledge, we show for the first time that the error margin of a visual odometry model can be significantly increased by deploying patch adversarial attacks in the scene. We provide evaluation on synthetic closed-loop drone navigation data and demonstrate that a comparable vulnerability exists in real data. A reference implementation of the proposed method and the reported experiments is provided at https://github.com/patchadversarialattacks/patchadversarialattacks.
Publishing Year
Date Published
2023-03-11
Proceedings Title
16th Asian Conference on Computer Vision
Publisher
Springer Nature
Volume
13847
Page
518-534
Conference
ACCV: Asian Conference on Computer Vision
Conference Location
Macao, China
Conference Date
2022-12-04 – 2022-12-08
ISSN
eISSN
IST-REx-ID

Cite this

Nemcovsky Y, Jacoby M, Bronstein AM, Baskin C. Physical passive patch adversarial attacks on visual odometry systems. In: 16th Asian Conference on Computer Vision. Vol 13847. Springer Nature; 2023:518-534. doi:10.1007/978-3-031-26293-7_31
Nemcovsky, Y., Jacoby, M., Bronstein, A. M., & Baskin, C. (2023). Physical passive patch adversarial attacks on visual odometry systems. In 16th Asian Conference on Computer Vision (Vol. 13847, pp. 518–534). Macao, China: Springer Nature. https://doi.org/10.1007/978-3-031-26293-7_31
Nemcovsky, Yaniv, Matan Jacoby, Alex M. Bronstein, and Chaim Baskin. “Physical Passive Patch Adversarial Attacks on Visual Odometry Systems.” In 16th Asian Conference on Computer Vision, 13847:518–34. Springer Nature, 2023. https://doi.org/10.1007/978-3-031-26293-7_31.
Y. Nemcovsky, M. Jacoby, A. M. Bronstein, and C. Baskin, “Physical passive patch adversarial attacks on visual odometry systems,” in 16th Asian Conference on Computer Vision, Macao, China, 2023, vol. 13847, pp. 518–534.
Nemcovsky Y, Jacoby M, Bronstein AM, Baskin C. 2023. Physical passive patch adversarial attacks on visual odometry systems. 16th Asian Conference on Computer Vision. ACCV: Asian Conference on Computer Vision, LNCS, vol. 13847, 518–534.
Nemcovsky, Yaniv, et al. “Physical Passive Patch Adversarial Attacks on Visual Odometry Systems.” 16th Asian Conference on Computer Vision, vol. 13847, Springer Nature, 2023, pp. 518–34, doi:10.1007/978-3-031-26293-7_31.
All files available under the following license(s):
Copyright Statement:
This Item is protected by copyright and/or related rights. [...]

Link(s) to Main File(s)
Access Level
OA Open Access

Export

Marked Publications

Open Data ISTA Research Explorer

Sources

arXiv 2207.05729

Search this title in

Google Scholar
ISBN Search