Core Concepts
We introduce the first unified black-box adversarial patch attack framework against pixel-wise regression tasks, such as monocular depth estimation and optical flow estimation, to identify the vulnerabilities of these models under query-based black-box attacks.
Abstract
The paper introduces a novel unified black-box adversarial patch attack framework against pixel-wise regression tasks, such as monocular depth estimation (MDE) and optical flow estimation (OFE).
Key highlights:
- Pixel-wise regression tasks are widely used in security-critical applications like autonomous driving, but their adversarial robustness is not sufficiently studied, especially in the black-box scenario.
- The authors propose a square-based adversarial patch optimization framework, employing probabilistic square sampling and score-based gradient estimation, to overcome the scalability issues of previous black-box patch attacks.
- The attack prototype, named BADPART, is evaluated on 7 MDE and OFE models, outperforming 3 baseline black-box methods in terms of both attack performance and efficiency.
- BADPART is also applied to attack the Google online service for portrait depth estimation, causing a 43.5% relative distance error with 50K queries.
- State-of-the-art countermeasures cannot effectively defend against the proposed attack.
Stats
The paper does not provide any specific numerical data or metrics in the main text. The evaluation section focuses on comparing the attack performance of the proposed method and baseline approaches.
Quotes
The paper does not contain any direct quotes that are crucial to the key logics.