attack 2025

Structured Universal Adversarial Attacks on Object Detection for Video Sequences

Sven Jacob 1,2, Weijia Shao 1, Gjergji Kasneci 2

0 citations · 40 references · DAGM GCPR

Published on arXiv

2510.14460

Input Manipulation Attack

OWASP ML Top 10 — ML01

Key Finding

The proposed nuclear norm-regularized universal attack outperforms low-rank PGD and Frank-Wolfe baselines in attack effectiveness while generating more structured, imperceptible background perturbations across video frames.

AO-Exp-Attack

Novel technique introduced


Video-based object detection plays a vital role in safety-critical applications. While deep learning-based object detectors have achieved impressive performance, they remain vulnerable to adversarial attacks, particularly those involving universal perturbations. In this work, we propose a minimally distorted universal adversarial attack tailored for video object detection, which leverages nuclear norm regularization to promote structured perturbations concentrated in the background. To optimize this formulation efficiently, we employ an adaptive, optimistic exponentiated gradient method that enhances both scalability and convergence. Our results demonstrate that the proposed attack outperforms both low-rank projected gradient descent and Frank-Wolfe based attacks in effectiveness while maintaining high stealthiness. All code and data are publicly available at https://github.com/jsve96/AO-Exp-Attack.


Key Contributions

  • Nuclear norm regularization to promote structured, low-rank adversarial perturbations concentrated in the background rather than on moving foreground objects
  • Adaptive optimistic exponentiated gradient descent method enabling scalable and convergent optimization under nuclear norm regularization
  • Universal adversarial perturbation for video object detection that outperforms low-rank PGD and Frank-Wolfe-based attacks in effectiveness while maintaining higher stealthiness

🛡️ Threat Analysis

Input Manipulation Attack

The paper directly proposes and evaluates a novel gradient-based adversarial attack — a universal adversarial perturbation (UAP) — designed to cause object detectors to fail (object vanishing) at inference time. The contribution is a new attack formulation using nuclear norm regularization with an adaptive optimistic exponentiated gradient optimizer.


Details

Domains
vision
Model Types
cnn, transformer
Threat Tags
white_box, inference_time, untargeted, digital
Datasets
VOT (Visual Object Tracking) video benchmarks
Applications
video object detection, safety monitoring systems, autonomous driving, industrial surveillance