Adversarial Patch Attack for Ship Detection via Localized Augmentation

Current ship detection techniques based on remote sensing imagery primarily rely on the object detection capabilities of deep neural networks (DNNs). However, DNNs are vulnerable to adversarial patch attacks, which can lead to misclassification by the detection model or complete evasion of the targets. Numerous studies have demonstrated that data transformation-based methods can improve the transferability of adversarial examples. However, excessive augmentation of image backgrounds or irrelevant regions may introduce unnecessary interference, resulting in false detections of the object detection model. These errors are not caused by the adversarial patches themselves but rather by the over-augmentation of background and non-target areas. This paper proposes a localized augmentation method that applies augmentation only to the target regions, avoiding any influence on non-target areas. By reducing background interference, this approach enables the loss function to focus more directly on the impact of the adversarial patch on the detection model, thereby improving the attack success rate. Experiments conducted on the HRSC2016 dataset demonstrate that the proposed method effectively increases the success rate of adversarial patch attacks and enhances their transferability.

Key Contributions

• Localized augmentation strategy that restricts data transformations to target regions only, preventing background over-augmentation from destabilizing adversarial patch optimization
• Improved adversarial patch transferability across YOLOv5 model variants (YOLOv5-M, YOLOv5-S, YOLOv5-N) on remote sensing ship imagery
• Demonstrates that background over-augmentation in prior methods introduces false detections that corrupt loss signal during patch optimization

🛡️ Threat Analysis

Details

Similar Papers