Higher-Order Adversarial Patches for Real-Time Object Detectors

Higher-order adversarial attacks can directly be considered the result of a cat-and-mouse game -- an elaborate action involving constant pursuit, near captures, and repeated escapes. This idiom describes the enduring circular training of adversarial attack patterns and adversarial training the best. The following work investigates the impact of higher-order adversarial attacks on object detectors by successively training attack patterns and hardening object detectors with adversarial training. The YOLOv10 object detector is chosen as a representative, and adversarial patches are used in an evasion attack manner. Our results indicate that higher-order adversarial patches are not only affecting the object detector directly trained on but rather provide a stronger generalization capacity compared to lower-order adversarial patches. Moreover, the results highlight that solely adversarial training is not sufficient to harden an object detector efficiently against this kind of adversarial attack. Code: https://github.com/JensBayer/HigherOrder

Key Contributions

• Introduces the concept of higher-order adversarial patches produced by iteratively cycling between patch optimization and adversarial training in a cat-and-mouse dynamic
• Demonstrates that higher-order patches generalize better across models and datasets compared to lower-order patches
• Shows that adversarial training alone is insufficient to harden an object detector against higher-order adversarial patch attacks

🛡️ Threat Analysis

Details

Similar Papers