Beyond PhantomSponges: Enhancing Sponge Attack on Object Detection Models

Research output: Chapter in Book/Conference proceedings/Edited volume › Conference contribution › Scientific › peer-review

Abstract

Given today's ongoing deployment of deep learning models, ensuring their security against adversarial attacks has become paramount. This paper introduces an enhanced version of the PhantomSponges attack by Shapira et al. The attack exploits the non-maximum suppression (NMS) algorithm in YOLO object detection (OD) models without compromising OD, substantially increasing inference time. Our enhancement focuses on improving the attack's impact on YOLOv5 models by modifying its bounding box area loss term, aiming to directly decrease the intersection over union and, thus, exacerbate the computational load on NMS. Through a parameter study using the Berkeley Deep Drive dataset, we evaluate the enhanced attack's efficacy against various sizes of YOLOv5, demonstrating, under certain circumstances, an improved capability to increase NMS time with a minimal loss in OD accuracy. Furthermore, we propose a novel defense that dynamically resizes input images to mitigate the attack's effectiveness, showcasing a substantial restoration in inference speed and OD accuracy. Our findings show that the enhanced attack could result in a 550% increase in NMS time on the YOLOv5 small configuration. Moreover, our defense's results show a substantial decrease of 90.18% in NMS execution time when applied to an attacked YOLOv5 large model.

Original language: English
Title of host publication: WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning
Publisher: Association for Computing Machinery (ACM)
Pages: 14-19
Number of pages: 6
ISBN (Electronic): 9798400706028
Publication status: Published - 2024
Event: 2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024 - Seoul, Korea, Republic of
Duration: 30 May 2024 → …

Publication series

Name: WiseML 2024 - Proceedings of the 2024 ACM Workshop on Wireless Security and Machine Learning

Conference

Conference: 2024 ACM Workshop on Wireless Security and Machine Learning, WiseML 2024
Country/Territory: Korea, Republic of
City: Seoul
Period: 30/05/24 → …

Keywords

  • adversarial machine learning
  • object detection
  • sponge attacks
