Spatially Constrained Adversarial Attack Detection and Localization in the Representation Space of Optical Flow Networks

Spatially Constrained Adversarial Attack Detection and Localization in the Representation Space of Optical Flow Networks

Hannah Kim, Celia Cintas, Girmaw Abebe Tadesse, Skyler Speakman

Proceedings of the Thirty-Second International Joint Conference on Artificial Intelligence
Main Track. Pages 965-973. https://doi.org/10.24963/ijcai.2023/107

Optical flow estimation have shown significant improvements with advances in deep neural networks. However, these flow networks have recently been shown to be vulnerable to patch-based adversarial attacks, which poses security risks in real-world applications, such as self-driving cars and robotics. We propose SADL, a Spatially constrained adversarial Attack Detection and Localization framework, to detect and localize these patch-based attack without requiring a dedicated training. The detection of an attacked input sequence is performed via iterative optimization on the features from the inner layers of flow networks, without any prior knowledge of the attacks. The novel spatially constrained optimization ensures that the detected anomalous subset of features comes from a local region. To this end, SADL provides a subset of nodes within a spatial neighborhood that contribute more to the detection, which will be utilized to localize the attack in the input sequence. The proposed SADL is validated across multiple datasets and flow networks. With patch attacks 4.8% of the size of the input image resolution on RAFT, our method successfully detects and localizes them with an average precision of 0.946 and 0.951 for KITTI-2015 and MPI-Sintel datasets, respectively. The results show that SADL consistently achieves higher detection rates than existing methods and provides new localization capabilities.
Keywords:
Computer Vision: CV: Motion and tracking
Computer Vision: CV: Adversarial learning, adversarial attack and defense methods